New Delhi: In a white paper on technological infrastructure in smart cities, the Telecom Regulatory Authority of India (TRAI) emphasised the need for securing communication networks and citizen data privacy, and mentioned the word ‘security’ 106 times.
The 130-page paper highlighted how information and communication technologies (ICT), especially newer tech like Internet of Things (IoT), Artificial Intelligence (AI), 5G, big data, and M2M communication (Machine to Machine), can assist in better management of a city’s infrastructure.
Titled Smart Cities in India: Framework for ICT Infrastructure and published Tuesday, the paper stressed keeping telecom networks and user data secure as more and more devices connect to the internet and ultimately to each other as well.
“…with evolving new technologies, requirements, and ever-increasing Attack Surface (number of points through which an attacker can access the network), the vulnerabilities are rising many folds with time,” the paper said.
This rise in vulnerability is due to more and more devices from external networks now connecting to the “highly protected Networks” belonging to the Critical Information Infrastructure that enable essential services like transportation, commerce, and clean water.
“Any single device connected to the civic infrastructure could cripple the national critical infrastructure if it is not Secure and Trustworthy. Any Node Device in the Infrastructure could be replaced with a Rogue Device that could provide access to the core of any network, and infrastructure,” the paper noted.
“Getting security right in the age of IoT could mean the difference between chaos and order, not just in cyberspace but in the physical world,” it added.
Tech in smart cities
The TRAI paper looked at a smart city as one that uses ICT-based services to improve the city infrastructure so all its citizens can enjoy a high quality of life.
For example, in a smart city, technologies that may be implemented include M2M, which allows two devices to communicate and exchange data with each other, and IoT, where a network of devices are connected to each other, typically via a 5G internet connection.
In the case of say ‘smart sanitation’, the paper said, “Internet of Things (IoT) and Artificial Intelligence (AI) can leverage and transform the sanitation by collection, and monitoring benefits of real-time data.”
Toilets can be fit with sensors that can connect to the internet for “continuous capture of consumer data”, which helps the administrator of the toilets to provide better service to users.
Security and privacy concerns
The TRAI paper, however, noted security and privacy concerns.
“The M2M devices will be generating huge amounts of data, at times, data that are personal in nature, during its life cycle… Hence to ensure data protection, ‘Security by design’ principle should be implemented,” it said, adding that M2M device manufacturers should be regulated by rules of product safety.
It said ensuring security in IoT products and services must be a fundamental priority.
“Poorly secured IoT devices and services can serve as potential entry points for cyber-attack and expose user data to theft by leaving data streams inadequately protected. The interconnected nature of IoT devices means that every poorly secured device that is connected online potentially affects the security and resilience of the Internet globally,” it said.
The paper noted this problem is further “amplified” by the “ability of some devices to automatically connect to other devices”.
Another concern is that “unauthorized people” could access and alter the data flowing through the network.
To protect networks and users’ privacy in a smart city, TRAI suggested a “collaborative approach” where “developers and users of IoT devices and systems have a collective obligation to ensure they do not expose users and the Internet itself to potential harm”.
The paper also said it is “crucial” to start allocating unique addresses “to each device connected in any network” in a smart city so any illegitimate devices will be recognised too.
While encouraging city administrations to make use of cloud computing that can help store and access vast amounts of IoT devices-generated data, the paper said it is mandatory to use the data centers located within the country when using cloud computing services to “ensure unhindered Lawful Interception (as and when needed for National security reasons) and maintaining the Data Sovereignty”.