#mysmartcity–City Broker and security…

Returning to the concept of City Broker, but this time looking at some of things that move it to the right. Or worse, make it really hard to implement.

1. Integration – today there are any number of CPS devices deployed. The bad news is many of those CPS devices were deployed as stand along systems. Some don’t connect easily to the network where they are let along the internet. Many of them as stand alone systems require manual updates. There isn’t a standard that allows us to say this api for management information and this api for command and control of the systems.

2. There are any number of cloud brokers available on the market. I’ve done shootouts with several of them, and they are all good. The problem isn’t the technology right now, it is the market.  When systems integrators sell complexity – the market gets scared. Right now the market is scared.

3. The one that makes me sad because I see both sides clearly and there isn’t anything I can do to change either side now. Distrust of city governments. Or more particularly distrust of all government to a degree. I do understand this and see the risk of proposing a City Broker model for go forward CPS integration but trust me – there aren’t a lot of options.

4. Brokers are still in their infancy (the market is not ready).

The last one is the easiest, that is simply a wait and see. The value of a city broker and the resulting city marketplace will help with the 3rd as well. Distrust of city government and government in general is part of the founding of the US, and has been proven to be prudent in virtually every country of the world.

The integration problem is one that is intriguing. First in that we are moving towards automating things that haven’t been automated as much in the past. The scary reality of that automation is the need for security at many more levels and much deeper than in the past. (Hackers holding companies hostage by locking their elevators and building doors).

As you connect devices you open them to attack. This will require the implementation of new security models. One to one responses (attacking a single device and it responds to the attack) if that device struggles, then it goes to all the devices around it, for a one to many response. There are so many other issues in the security space both the cyber and physical security that we need that last piece of the broader City Broker.

A very smart security person once told me it isn’t about having a highly effective security system that can’t be beat. It is about making someone guess correctly several times. The hacker will get the first few correct, but they have to get many more than 2 or 3 answers right to break in. Defense in depth where the system has multiple layers and types of security.

The City Broker will create a centralized hub that will be easier to attack – but effectively if you increase the breadth of security it will be harder to hack. Yes a known location and entity is easier to attack, but depth and removing risks from the security profile makes it harder to defect.

.doc

City Broker advocate