Smart City is one of the huge projects since Indian government started this vision few years back. India became one of the major markets for companies who are into this vertical. These brands hold the key to make this a reality in India. Yet the work has already started and we will soon see many such smart cities across India. But there are lot of challenges as well when it comes to implement or deploy the solutions for smart cities development. Like security remains one of the major issues as everything will be digitally connected so there will be a dire need of strong security infrastructure. To further know more about the development, DT interacted with Jim Alfred, Vice President, Certicom Corp, a Subsidiary of BlackBerry Ltd. Read the excerpts below.
Q: What are the Critical considerations and success factors for Smart Cities?
A: The concept of ‘Smart Cities’ is about using technologies and connected data sensors to enhance infrastructure and city operations – ultimately, to enhance the way we live and work. Smart Cities are being designed to offer essential services that monitor and manage things like transportation systems, public assets, power plants, water supplies, information systems, civil bodies and other community services. However, to be truly ‘Smart’ – cities must be safe and secure. With millions of physical and digital connected ‘things’ powering Smart Cities, infrastructure like hospitals and roads, as well as offices and homes, are far more vulnerable to attacks and breaches – sometimes with potentially life-harming consequences.
One city cannot manage this on its own. To be successful, it is critical for local government and global industries to work hand in hand to ensure standards are in place – and security is designed at every layer. This is why BlackBerry just announced a new Security Credential Management System (SCMS) service, offering private and public sectors around the world the ability to accelerate the development of Smart Cities and Intelligent Transportation Systems. This may include the authentication of trusted control points and sensors, including Connected Vehicle V2X Onboard Units (OBUs) and roadside equipment (RSE) infrastructure such as pedestrian crossings and traffic management systems. There must also be a Governance model to enforce certification processes which defines who and what is eligible to receive security certificates. For example, certified device OEMs, authorized transportation agencies and authorized emergency or information service providers.
Q: How do you see the importance of strengthening cooperation as the Smart Cities initiatives continue to gain momentum?
A: The need for increased coordination between governments in the region for a successful implementation of Smart City models is imperative. At the recent East Asia Summit (EAS), EAS members agreed to do more to increase defenses against cybersecurity. The EAS members plan to work together to promote an open, secure, stable, accessible and peaceful ICT environment - which is critical to connectivity and economic development - and, recognizing that some states may lack the capacity to protect their networks, provide help on issues such as developing technical skills. They also recognized the importance of strengthening cooperation on personal data protection. They said they would address the digital divide and development gap by supporting initiatives such as helping micro, small and medium-sized enterprises make use of these technologies.
Organizations focused on Intelligent transportation systems (ITS) such as ITS Americas and ITS Asia Pacific are also excellent forums to establish cooperation between companies and governments to advance the smart city vision. Singapore has been a very strong proponent of ITS, showcasing its smart city initiative in Montreal a couple of years ago, in Denmark this year, and hosting the 2019 ITS World Congress. There are also companies like BlackBerry, with our free CV pilot program, reaching out to help device manufacturers and governments develop robust, secure ecosystems that will enable smart cities to flourish. At BlackBerry, we work with all 7 of the G7 governments and 16 of the G20 governments. We believe in the collaboration of the private and public sector at the highest levels of classification to help keep data safe – but as an industry, we can always do more.
We protect millions of people in thousands of organizations worldwide with our crisis communications technology (BlackBerry AtHoc), including the US Department of Defense and US Airforce, universities, manufacturing, maritime and many other areas.
When a cyberattack happens, we usually think of the digital impact: incident occurs, data is lost, breach is detected, recovery begins. The reality is, just like physical threats, large-scale cyberattacks are also impacting human lives. One example would be how the Wannacry ransomware led to UK hospitals having to reschedule urgent operations for patients. A breach that compromises data also impacts any system that uses that data. This is changing how any organization with a duty of care is planning for risk in an increasingly complex world – and this is a critical consideration for Smart Cities. We see a lot of opportunity for the government and private sector around the world to enable more coordinated, effective and cost-friendly critical communication networks. The end goal is to ensure that organizations are more crisis-ready and cyber-resilient, regardless of the threat.
Q: How does the SCMS help the government and private sector to address the safety and security challenges of Smart Cities globally?
A: SCMS is the Security Credential Management System for V2X, a specialized public key infrastructure (PKI) for connected vehicles. In Europe the SCMS is called the Cooperative Intelligent Transport Systems in the European Union or C-ITS Platform. This is the first phase of its launch in North America, but it is being rolled out globally. The purpose of the SCMS is to govern connected vehicle certificate management so that all players in the ecosystem can trust messages emanating from the system (from vehicles and from infrastructure) as being reliable and authentic.
Certification Authorities (CAs) are the entities which issue these certificates to individual V2X modules, but the governance model must be established through close cooperation between national governments and industry. In this instance, where there is no real regulatory framework, BlackBerry is establishing its own SCMS using industry best practices for Certification Authorities, following WebTrust for CAs trust service model criteria. We only issue certificates to certified devices and trusted entities enrolled in our program. This ensures that communities using our service can rely upon the integrity of the V2X messages they are receiving. Once national policies (or transnational policies between the US and Canada) for V2X are established, we would rely upon them for policy oversight. For deployments using prototype systems, for example emerging cellular V2X (C-V2X) systems which are net yet industry standardized or certified, we can offer test certificates and help develop use cases that establish new connected vehicle and autonomous driving use cases.
In terms of how the SCMS works, its rather complicated, since in both the US and European models security and privacy are major concerns. Without some level of anonymity, ordinary citizen users might reject the technology for fear their movements are being tracked. Without authenticity the system could be easily spoofed. This has driven specialized PKI architectures that enable strong message authentication while at the same time preserving privacy of vehicle operators through the use of anonymous, short-lived vehicle certificates. There may be multiple CAs, but the centralized SCMS sets the policy and governs them all, enabling, for instance a government entity to ask for “misbehaving” device’s credentials to be revoked, managing a “global” CA trust list, and subjecting subordinate CA entities to annual audits and a common policy framework.
