Euro-View: Mauro Tortonesi on smart cities and security
In the near future, smart cities will provide intelligent resource applications for energy, water, mobility and parking spaces, not to mention a new generation of real-time and time-critical locational services linked to health care, entertainment and other activities.
This scenario raises significant security issues. The multitude and pervasiveness of IT services provided by smart cities will form a massive “attack surface”, whose protection will require the development of cybersecurity solutions not just in the IT domain, but in the operational one as well.
Industry and academia have long recognised security as a fundamental pillar for creating smart city platforms, and have been very active in designing cybersecurity solutions for scenarios that build on internet-of-things (IoT) and corporate IT experience. Smart security solutions could significantly support humanitarian assistance, disaster recovery and counter-terrorism operations, for instance.
But such applications present many challenges. First, there is the issue of federating smart city platforms with those of police, civil protection, and military forces. A carefully planned coordination between military and civilian organisations could allow a joining of anonymised identity management with access to smart city services and assets, thus enabling emergency response teams to quickly handle an event.
One of the challenges is to master the deluge of data generated by smart city services and assets. Traditional centralised analytic solutions based on transferring all data to the cloud, processing them via big data methodologies and tools, and returning the results to users are too slow and too burdensome for the network infrastructure. Instead, smart city environments could be better served by distributed analytic solutions, such as “fog computing”, where processing is executed on so-called edge devices in close proximity to raw data sources or consumers, or both.
For example, during a public celebration where a smart city’s centre is closed to vehicles, fog analysis of data captured from traffic light cameras could be made available to police forces and emergency medical services (EMS) personnel to boost security or respond to a situation. Several applications would run concurrently on such a fog computing platform, each one leveraging a set of information processing services. A logistics support application would use a crowd monitoring service to analyse the number of personal devices connected to the network, while video camera feeds could provide a relatively accurate and up-to-date estimate of the number of people present in the city centre. Such information would facilitate significantly the allocation of EMS personnel and resources (public water services, hygiene spots, ambulances, etc.). At the same time, a security-check application would continuously scan video feeds from the traffic cameras for anomalies.
At its most basic function, the fog approach to analysis would help police forces quickly identify anomalies and security threats such as brawl or someone wielding a weapon. A second order of processing would launch finer-grained face recognition algorithms to help identify potentially dangerous suspects for counter-terrorism purposes.
Other applications could leverage fog computing environments to support EMS personnel. For instance, an e-health application could calculate the most like places for heat strokes and dehydration by fusing data collected from IoT videos, temperature sensors or personal health-monitoring devices (pace makers, fall detector applications, etc.).
Finally, both public service and commercial applications could also be run on the fog computing platform. Public service applications provide information to citizens such as traffic or transport data, while commercial applications range across a vast arrange of location-based services, from identifying impromptu performances of street artists to brick-and-mortar sales opportunities.
Such applications use on a wide variety of data types, requiring just as diverse information processing tasks. Enabling them to function within – and be exploited by – a fog computer framework would demand first a highly innovative information model. Second, it would need a corresponding information-centric and value-based service model to deal with complexities of smart city environments and their enormous streams of raw data.
Smart cities present compelling opportunities to increase the security of EU citizens, but their realisation presents real challenges for IT service design, architecture and integration. In addition, the design and deployment of next-generation smart security services will require the close cooperation of a wide range of stakeholders (city administration, civil protection agencies, military forces, IT companies, citizen communities, etc.).
Academia and Europe’s militaries are now investigating these issues and coming up with interesting methodologies and tools. Whatever solutions eventually emerge will lead to a significant paradigm shift away from traditional cloud-based applications. Before then, there is still much work to do to validate candidate solutions as a building block for the next-generation of smart security applications.