Simon Moffatt, EMEA director, Advanced Customer Engineering at ForgeRock on why digital identity management technologies are vital to IoT and smart city security.
No longer is the smart city concept a far-off, futuristic idea. It is a very real initiative that governments all over the world are embracing. When the initial wave of smart cities implementation began rolling out a few years ago, the core focus was, understandably, on communication and connectivity on a citywide scale. But so great were the rewards being reaped from these new schemes that the identity aspect was often overlooked.
The smart city is built upon the ‘Internet of Things’ or ‘IoT’, which simply refers to internet-connected devices (street lamps, parking meters, rubbish bins, traffic lights etc.) that make a city ‘smart’. But there is a big problem with these so-called connected devices; in most cases, they are actually unable to communicate with each other because they lack individual digital identities.
As a human, our identity is what makes us unique and tells others who we are. Without it, we’d be anonymous, indistinguishable from those around us. The same concept applies to smart city devices. With an estimated 25 billion connected things by 2025, smart city planners are facing something of an identity crisis! Without a unique identifier or an association with a real physical identity, objects are unable to communicate and therefore unable to provide context to the information that they generate or are exposed to.
Identity is also a key consideration when it comes to smart city security. When considered on a citywide scale, the security implications of the IoT are significant. Imagine if a hacker was able to compromise a city’s entire traffic flow system and turn all the traffic lights around the city centre to red during rush hour. If the hacker were also able to interfere with local radio stations, there would be no way for citizens to be warned. As commuters take their usual routes to work, unaware of the issues, the entire city could become gridlocked in minutes. Not only does this cost the city money from a productivity perspective, it also means the emergency services cannot get to call-outs quickly, potentially costing lives.
Fortunately, the rise of digital identity management technologies means that connected devices and users can now be assigned their own digital identity. This means that they can now securely recognise and even interact with other identities to establish digital relationships between users, between users and connected things, and between the things themselves.
By assigning digital identities to connected devices, smart city operators can use real-time data and situational context to personalise public services and better understand how these things are being used. From a security perspective, it is equally important that every connected device within the smart city infrastructure, be it a car, a street lamp or an earthquake sensor, has a validated identity and is correctly attached to the network. If a device can be identified, it is that much easier to confirm that the data it is generating is genuine and can be trusted. Importantly, it also means that if the device is trying to do something that it is not permitted to do, it can be identified and prevented, before it does any damage.
Simon Moffatt is EMEA director, Advanced Customer Engineering at ForgeRock. Simon is a 15-year industry veteran with a strong focus in the fields of identity and access management, the identity of things and devices, consumer identity management and digital transformation. Simon joined identity management specialist ForgeRock in early 2013, having previously worked at Oracle, Sun Microsystems, Vaau and Esteem Systems. At ForgeRock, Simon has a cross-team role, working with the office of the CTO, product management, engineering and product marketing teams to develop cross-vertical solutions and new go-to-market opportunities.