Trusting Smart Cities: Risk Factors and Implications
Margaret L. LoperThis article is the latest addition to the U.S. Army TRADOC G2 Mad Scientist Initiative’s Future of Warfare 2030-2050 project at Small Wars Journal.In the coming decades, we will live in a world surrounded by tens of billions of devices that will interoperate and collaborate to deliver personalized and autonomic services. This paradigm of objects and things ubiquitously surrounding us is called the Internet of Things (IoT). Cities may be the first to benefit from the IoT, but reliance on these machines to make decisions has profound implications for trust. Trusting smart cities refers to the confidence and belief of smart city installations to be capable of operating securely, reliably, and accountably. To understand how trust applies to smart cities, we introduce formal definitions of trust and risk, and present three risk factors that capture the range of issues that must be considered when deploying smart city technologies. Building on these risk factors, a threat analysis matrix for capturing how well smart cities are addressing these risks is proposed. We close the paper with some thoughts on the future of warfare in smart cities.IntroductionThe urban environment is becoming increasingly more connected and complex. In the coming decades, we will be surrounded by billions of sensors, devices and machines, the Internet of Things (IoT). Cities and urban areas that benefit from the IoT are commonly referred to as Smart Cities (SC) :"A smart sustainable city is an innovative city that uses information and communication technologies and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects."The idea of a SC can be applied to other domains as well, such as smart military installations, smart compounds, and smart campuses. [i] Smart city applications are developed with the goal of improving the management of urban flows and allowing for real time responses to challenges. However, there are security risks associated with deploying distributed sensor networks in urban environments. One risk is the ability of adversaries to gain access to civilian infrastructures and use them against us. Therefore, it is critical to understand how these IoT technologies will be used in urban environments, their operational behavior, how citizens will interact with these sensor networks, and security implications of large scale deployment in urban environments.Cities may be the first to benefit from the IoT, but being surrounded by billions of sensors, devices and machines has profound implications for security, trust and privacy. The more technology a city uses, the more vulnerable to cyber-attacks it is, so the smartest cities face the highest risks. While security, privacy and trust are all critical areas for IoT, our specific interest is focused on Trust.The need for trust has long been recognized, as stated in , the “… pivotal role in … decision making means it is essential that we are able to trust what these devices are saying and control what they do. We need to be sure that we are talking to the right thing, that it is operating correctly, that we can believe the things it tells us, that it will do what we tell it to, and that no-one else can interfere along the way.” This brings us to the idea of whether we can trust smart cities.This paper is organized as follows. In section II we introduce a formal definition of trust and its inverse relationship to risk. In order to understand how trust applies to smart cities, we introduce three risk factors in Section III. A threat analysis matrix is introduced in Section IV, which represents the next steps in understanding the risk to smart cities. We close the paper with some thoughts on the future of cyber-attacks on smart cities.Trust and RiskThere are several definitions of trust. Trust is the belief in the competence of an entity to act dependably, securely and reliably within a specified context . Trust is the extent to which one party is willing to depend on somebody, or something, in a given situation with a feeling of relative security, even though negative consequences are possible . In other words, trust is a broader notion than information security; it includes subjective criteria and experience. Trust includes concepts, such as
- Perception – awareness of something through the senses;
- Memory – past history and experience; and
- Context – trust may exist in one situation, but less or not at all in another.The subjective nature of trust relies on one’s willingness to participate in a transaction, and the relative security of the outcome of the transaction. Thus, there is an aspect of dependence, which includes both uncertainty through possibility and risk through negative consequences .Risk emerges when the value at stake in a transaction is high, or when this transaction has a critical role in the security or the safety of a system. “In most trust systems considering risk, the user must explicitly handle the relationship between risk and trust by acknowledging that the two notions are in an inverse relationship, i.e. low value transactions are associated to high risk and low trust levels and vice versa, or, similarly, risk and trust pull in opposite directions to determine a users’ acceptance of a partner.” To understand how this inverse relationship applies to smart cities, we define three key risk factors : non-technical, technical and complexity. Non-technical risk includes aspects of a SC where humans are involved, such as management, training and education, governance and security practices.Technical risk factors focus on the technology aspects of a SC, including both hardware and software systems. This also includes the concept of cyber-physical systems, which is a system of collaborating computational elements controlling physical entities. The last risk factor is complexity. A smart city is not a discrete thing; it is the complex multi-dimensional interconnection of diverse systems (human and technology) that deliver services and promote optimum performance to its users. There is risk in the complexity of these systems, especially as the scale becomes very large. These key risk factors are described in more detail in the following section.Risk FactorsIn this section, we describe examples of risk that fall into each of the three dimensions.Smart cities represent a fundamental change to the way that services are delivered – it’s not primarily about technology, but about service transformation and improvement . This brings into focus the importance of processes and people, i.e. how to make a city smart and who manages it. This leads us to the non-technical risk areas: management, training and best practices.Management. Advanced technologies increase complexity and uncertainty. The greater the risk, the more necessary it is to have effective managerial and policy tools to deal with the risk. Performance of smart cities will depend on effective management of the systems and infrastructure, not purely the performance of the systems themselves. Information technology (IT) deployment is a complex endeavor, and failure to manage the high risks associated with a deployment can lead to total failure in technology-driven public sector projects. An example of this is the disastrous roll out of the health information marketplace for the Affordable Care Act.  In fact, 85% of all IT projects fail because of the challenges by non-technical aspects of innovation, in large part - policy, organization, and management-related risks ....