Internet of Things (IoT) Smart Cities: Emerging Standards and Guidance

By Colin Soutar

Colin Soutar is a senior manager in Deloitte’s Federal Advisory practice with over two decades of experience in aligning cybersecurity technology concepts with industry standards and initiatives, as a researcher at NASA Johnson Space Center, the chief technology officer of a public company, and more recently, supporting several federal government and private sector cybersecurity programs.

Oct 27, 2016 | Society, Technology | 1 comment



While we are increasingly aware of threats to our personal information, the reach of such threats really can be baffling. Who would have guessed that one day your refrigerator may put your identity information at risk? As the Internet of Things’ (IoT) reach continues to grow, so does the need to secure and protect identity and personal information. This is especially true as our cities are getting “smarter” – that is, becoming more connected as our devices “speak” to each other, sending data in real-time.

The range of IoT-connected devices includes everything from convenient smart toasters to life-preserving pacemakers. The ubiquity of these devices – and the accompanying volume of data and its accessibility – is changing how personal information is protected. Devices are becoming more connected, introducing new and unique challenges to privacy and security: an example of which was the recent denial of service attack launched by IoT devices serving as bots. However, users are not always aware of the connected devices’ vulnerabilities or how better to protect themselves against potential threats.

Convenience may drive the adoption of IoT devices, but there should be an awareness and understanding of related privacy and security risks – especially so that devices and systems can be designed and developed to protect both individual users and the broader ecosystem. This requires a broad understanding of how systems are connected, the threats they face, and ways to integrate risk-mitigating controls. It also requires knowledge about the intersection of the device, the data it produces, and how that data may be accessed — with the users’ consent!

User authentication and access control lie at the heart of maintaining a convenient, secure, and safe IoT ecosystem. Standards and common frameworks are the building blocks that help to protect users from a device breach. In the rapidly evolving world of cybersecurity, it can be difficult for these documents to maintain pace. To advance this effort, Deloitte[1] has been working with commercial and federal sector clients to help them address these new challenges while identifying new opportunities to promote collaboration and cross-sector insights. This includes working with the National Institute of Standards and Technology (NIST) to enable leading cyber practices to be incorporated into standards and frameworks.

NIST serves as the program office for the National Strategy for Trusted Identities in Cyberspace (NSTIC), a US Presidential initiative to develop technologies and market conditions that make online transactions more secure and privacy-enhancing. The NSTIC establishes principles for trusted identities — security, privacy, interoperability, and ease of use — and charts a path for public-private collaboration to deploy innovative identity technologies. The NSTIC’s principles and concepts apply widely to traditional identity and access management use cases, the IoT, and connected smart cities. Further, NIST worked with industry to develop the NIST Cybersecurity Framework (CSF), a voluntary security framework to improve cyber practices in critical infrastructure. As more IoT devices are developed and deployed, the scope of critical infrastructure can expand.

Recently, NIST has been supporting the development of standards and frameworks for IoT devices and smart cities through a series of programs and collaborations.

The Cyber-Physical Systems Public Working Group works to accelerate the development and implementation of cyber-physical (“smart”) systems within various sectors of the economy – including “personalized health care, emergency response, traffic flow management, and the electric power generation and delivery.” In May 2016, the group released the Framework for Cyber-Physical Systems.

NIST’s Smart Grid Program focuses on the safe modernization of electric power grids through incorporating information technology “to deliver electricity efficiently, reliably, sustainably, and securely.” Working with partners from government, industry and academia, they are developing the Framework and Roadmap for Smart Grid Interoperability Standards and conducting research to further the smart grid’s development.

The NIST National Cybersecurity Center of Excellence (NCCoE) released the draft paper Identity and Access Management for Smart Home Devices in June 2016. This paper is intended to initiate a conversation on authentication and authorization-related challenges in smart homes, so as to establish practices for securing these devices.

Further, NIST is part of the international public working group developing the Smart City Framework to establish consensus and leading practices for solutions that address modern cities’ needs.

Timing could not be better, as two key events this week — World Standards Week and Meeting of the Minds — will focus on enabling greater dialogue between stakeholders, which can help advance standards for securing and protecting our increasingly connected world.

World Standards Week convenes standards professionals from a range of sectors for a series of events, with this year’s theme being “Standards Build Trust.” Such collaboration is necessary to develop commercially-viable standards. There are a variety of identity, security, and privacy standards – either existing or being developed – that enable the use of secure, interoperable digital identities and attributes that can be used across security domains, organizational boundaries, and devices. Among the many organizations promoting such standards are the FIDO Alliance, World Wide Web Consortium, OpenID Foundation and Internet Engineering Task Force.

The FIDO Alliance is working to change the nature of online authentication to develop “technical specifications that will define an open, scalable, interoperable set of mechanisms” so as to decrease reliance on passwords for authentication. They further this goal by contributing technical specifications to recognized standards development organizations (such as NIST). FIDO could benefit IoT users as their promulgation of biometrics and tokens as authentication factors can reduce the complexity of maintaining multiple credentials for IoT devices.

The World Wide Web Consortium (W3C) is an international community developing open standards to “ensure the long-term growth of the Web” by defining an open web platform for application development to enable developers to build apps using large data stores and that would be available on any device. Their Web of Things Interest Group is a “forum for technical discussions to identify use cases and requirements for open markets of applications and services based upon the role of Web technologies.”

OpenID Foundation (OIDF) is a non-profit international standards organization comprised of companies and individuals who are committed to “enabling, promoting and protecting OpenID technologies.” Their 2015 Summit focused on “governance in Identity Ecosystem and the Internet of Things.”

Internet Engineering Task Force (IETF) aims to improve the Internet by providing technical documents that “influence the way people design, use, and manage the Internet.” They have been addressing IoT devices since 2005, by “specifying and documenting key IoT standards and guidance.”

Meeting of the Minds is an innovative forum where security and privacy professionals, technology vendors, different levels of government, policy professionals, academics and advocacy groups will come together to discuss the challenges associated with building and growing smart cities. On Thursday, October 27th, Deloitte will facilitate a lunch-time dialog at which Meeting of the Minds participants can share their views on the types of guidance, frameworks, and reference material needed to improve the privacy and security of connected cities.

To protect our privacy and secure our increasingly connected world, it will take more than a village, and probably more than a nation! It will likely take an international effort with contributions from a broad range of stakeholders with different views, values, and opinions. Even if you cannot make it to Meeting of the Minds or a World Standards Week event, we encourage you to take the time to identify opportunities to engage with the organizations and communities advancing our understanding of IoT smart cities.

This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this article.

[1] As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Discussion

1 Comment

  1. This is a great summary of issues and resources related to cybersecurity related to confidentiality and privacy for Internet of Things devices. I urge everyone to also be mindful of the need to make sure that data integrity and data quality in IoT devices are addressed in the ways these devices are designed and implemented. Going forward, these devices will generate huge amounts of data and we need to make sure these data are sufficiently accurate, complete, consistent, and timely for the intended purpose. Otherwise, we will suffer the problems that come from “garbage-in, garbage-out.”

    If you are invested in discussing this topic, please contact me through http://www.42tek.com.
