19 June 2020
The Security and Privacy Tale of Three Smart Cities
A fundamental aspect of smart cities is the generation, analysis and sharing of large quantities of data. Smart city technologies capture data about people and places to all forms of privacy, and day by day they drastically expand the volume, range and granularity of the data being collected and processed. However, this smart city process puts individual privacy at risk, and reduces individual trust.
Taking into account this aspect the smart cities demonstrator will move around personal data exchange among citizens and other city stakeholders, mainly the municipalities, as key players in the delivery of public services and citizens’ data management.
The smart cities demonstrator involves a technical provider (ENG), academics (UMU, C3P), a research centre (CNR), a local public administration (GEN) and a smart cities’ network (OASC) who together are working together to:
- put in place and operate a consent-based infrastructure to support a platform for sensors and other urban data; and an infrastructure for personal data exchange and reuse in public services, in compliance with the GDPR;
- setup an open innovation cycle that will drive city stakeholders from a cybersecurity risk and needs assessment to the identification of the related solutions (i.e. cybersecurity services). Risk assessments will be applied at an individual and organisational level.
The main outcome of the activities working towards the smart cities demonstrator is the enablement of a novel ecosystem capable of fostering business models based on personal data exchange and usage in smart city and public services while properly managing the related cybersecurity risks and regulatory compliance to increase user confidence and to pave the way for a smart city cybersecurity competence centre.
The Use Cases
To address smart city security and privacy objectives, several use cases were identified covering the following functionalities:
- Supporting urban data functionality
- Empowering citizens with their data
- Sensor data sharing and processing
- Assessing exposure to social engineering by simulating phishing attacks on a service provider’s target groups
- Performing a cyber risk assessment, evaluating a service provider’s cyber maturity level and estimating the probability and impacts of cyber attacks
- Eliciting cybersecurity needs and selecting solutions
The Demonstrator Set Up
A specific characteristic of a smart city environment is the variety of the infrastructure, with multiple devices and levels of smartness. The demonstrator set ups of Murcia, Porto and Genova will focus on implementing and putting into operation in each of their specific contexts the use cases described above.
The Murcia smart city consists of a FIWARE platform that gathers data provided by hundreds of sensors and other data sources, such as parking providers or public transportation companies. With this demonstrator, we are extending the security and privacy aspects of the existing platform by implementing the self-sovereign privacy-preserving identity management system (SS-PPIdM), that will accommodate the registration of users to the smart city eco-system, taking into consideration their preferences regarding privacy and how their personal data is to be shared and used for identification by the different services registered as part of the smart city project.
Porto currently has a laboratory testbed that combines diverse physical sensors and multiple computing devices with heterogenous resource capabilities. Its purpose is to map a wide range of application scenarios and use cases, including video and audio surveillance, noise, humidity, temperature, luminosity and motion detection, to name just a few. In this demonstrator, Porto will study how current data anonymisation and privacy-preserving techniques perform for achieving individual and citizen privacy.
The Genoa municipality is currently redesigning both system architectures and administration processes, aiming to improve both the efficiency and security of internal and external services. The goal of this demonstrator is to improve the systems and processes of the municipality that handle, manage and protect citizen data. To this end, we are assessing the current security level of the infrastructure, improving the technical skills of data officers and managers and centralising the management of privacy consents and data processing records.
For more information on this phase of all the demonstrators, detailed descriptions can be found here.
Marco Angelini, Vincenzo Savarino – Engineering Ingegneria Informatica