3. Open and horizontal platforms
A rich and dynamic ecosystem
API and data model harmonization
TEF IoT-Big Data Smart City Pillars
4. Open and horizontal platforms
Rely on Open Source Software
FIWARE OSS Community / FIWARE Foundation
Openness to avoid vendor lock in
Benefits mobile operators & cities :
Can choose from a variety of IoT providers, integrators, etc.
Modular and extensible architectures
No more silos of isolated, single-vertical solutions.
Enabling a real IoT BigData Ecosystem for smart cities.
5. Rich and dynamic ecosystem
Cities Entrepreneurs
FIWARE Acceleration
Wayra
Open and Agile Smart
Cities Alliance (OASC).
> 100 cities.
IoT Device Vendors
FIWARE IoT Ready Programme
> 50 kind of devices certified
Mobile Operators
6. Harmonization
Providing a single, generic RESTful API to get
access to smart city data (real time or historic)
FIWARE NGSIv2
Defining a catalogue of harmonized data models
that cover different smart city verticals
API
Harmonization
Data Model
Harmonization
Standardization
With GSMA, our work has been aligned with 5
top operators around the world
New ETSI ISG CIM Group
Ecosystem + Open Platforms + Harmonization = Smart City Replicability
9. Security in Smart Cities
Personal data privacy is key
Cities infrastructure must be secure
Secure from design makes a difference
10. Smart cities, attack targets or attack tools?
24x7 Availability, the city never sleeps
Huge number of devices
Insecure design in some assets
Low or difficult maintenance
11. IoT Security challenges
Heterogeneity Resources Identity Operation
No one size fits
all solutions
Constrained
devices
Authentication
fist
Device
management
12. IoT security challenges require E2E approach
PREVENTION
Preventing or deterring attacks to avoid
or at least minimize losses
DETECTION
Identifying attacks to allow a
fast and thorough response
RESPONSE
Minimize losses and return
to normal business
• GSMA Guidelines
• Managed Connectivity
• Private APN & VPN
• Network Auth & PKI
• Comms Monitoring
• Expense controls
• Persistent Pentesting
• Threat detection
• Anti DDoS
• Managed Connectivity
• Automatic rules
13. IoT Security Self-Assessment in Smart Cities
GSMA IoT Security Self-Assessment helps
Smart Cities across their lifecycle
Deployment
A checklist to
validate the security
measures that has
been put in place
A guidance in the in
order to assess risks,
decide the prevention
measures.
Design
A standard way to
exchange security
information in a
common language.
Onlife
Editor's Notes
Two topics extremely important for Smart Cities in which we actively contributed to GSMA
1. Big Data:
Detail the three pillars on our big data strategy:
Bet on open and horizontal platforms
Nurture a dynamic ecosystem
Harmonize API data models
2. Security:
Present the main challenges on Smart Cities Security
Show how we tackle them at Telefónica using the GSMA IoT Security Self Assessment
The smart city strategy of Telefónica Is structured around three main pillars:
Open and horizontal platforms to materialize the smart city vision
A rich and dynamic ecosystem which facilitates collaboration of multiple stakeholders
On the technological side, API and data model harmonization which enables the portability and replicability of smart cities.
We will be describing all these pillars during this presentation and finally we will present some of the applications we have been working, that demonstrate that thanks to these approach we are realizing smart city replicability.
Open and horizontal platforms are key to enable our vision on smart cities. First of all we have made an outstanding effort on creating an open source community of projects around generic components which can be used to implement smart cities. This has evolved from a EU funded project to a global community supported by a Foundation, participated among others by TEF and Orange, currently headquartered in Berlin.
Open platforms stimulate openness and this by definition avoids the vendor lock in problem. This has resulted in an attractive offer for cities but also for operators. For instance, the openness nature of our smart city offer, makes it possible that multiple IoT device providers approach to us, willing to make their devices and technologies compatible with our platform. As a result, we as operators, can choose the best solution depending on each concrete project or local interest.
* Last but not least open and horizontal platforms enable building modular an extensible architectures in contraposition with isolated silos of single vertical solutions which are typically found nowadays. Vertical solutions isolate data and make it difficult to evolve consistently within a city, that has to deal with multiple providers. In addition exploiting cross-vertical data to provide new services turns into a nightmare. So in order to have real IoT Big Data Ecosystems in cities it is needed to count with open and horizontal platforms.
Our rich and dynamic ecosystem consists of multiple stakeholders collaborating together. First of all we have been able to convince more than 100 cities around the world to form an alliance, called OASC, committed to implement smart cities based on the FIWARE technologies. On the other hand we have fostered the creation of a community of entrepreneurs that are willing to create applications on top of this platform and we have made it possible the creation of different acceleration programs, some of them internal (Wayra), some of them with public funding. The acceleration programs allow to attract entrepreneurs talent to the smart city arena, while fostering the creation of a marketplace of applications interesting for cities, turning our offer into something even more attractive. . We as well, organize from time to time, different hackathons to involve independent developers in our technologies, because they usually provide great feedback to improve our platform and offer and at the same time stimulates networking opportunities.
We have as well set up a program to enable that IoT providers make their devices compatible with our platform. So that, we have three important legs of the ecosystem of a smart city covered: IoT devices, Applications and the platform, and lastly, cities.
Last but not least, we as operators, participate in the ecosystem as platform service providers and offer our technological consultancy services to cities. We facilitate new research around smart cities by participating in EU Funded projects and help cities to join those project consortia.
The last pillar is rather complementary with the rest of pillars described before. Having an open and horizontal platform or a rich ecosystem are necessary but not sufficient conditions to have a great smart city approach. We need the harmonization of APIs and data models to make this come true. Harmonization has to do with having a common grounds for getting access to real time or historical data through common APIs shared by multiple cities. In addition, not only APIs have to harmonized but also data models describing the different aspects of a city (waste management, traffic, mobility, parking). It is needed to have common representation mechanisms for these aspects agreeing on data formats, ranges, accuracy, etc. TEF together with GSMA have been working for 1.5 years in API and data model harmonization. We are proud to say that currently 5 operators (TEF, KT, Orange, China Mobile, China Unicom) have implemented these common APIs and data models and are presenting different showcases, based on these technologies, at the GSMA innovation city. In addition GSMA offers an API Directory with public end points where developers or entrepreneurs can start experimenting with these new approach.
Last but not least, on February this year a new ETSI Industry Specification Group, named as CIM, Context Information Management, has been launched. This new group will provide formal standards for context information in smart cities, offering a common grounds for cities around the world for implementing their smart city projects following a common standard API and associated data models.
We developed this car navigator together with the cities of Santander, Porto and Antwerpen. The idea is that thanks to the harmonized APIs and data models offered by smart cities, car driver’s experience can be enriched by enhancing car navigation with real time parking data or air quality or weather situation. Drivers can be adviced of the best routes to follow and to find the best parking spot. Same navigator can work on multiple cities, demonstrating replicability. This prototype developed using HERE Maps technologies was presented successfully last year at Mobile World Congress.
This is a direct application of the benefits of harmonization. TEF has built a generic and replicable dashboard application for cities. The only requirement is that city data has to be harmonized, following the FIWARE APIs and data models. The dashboard is multi-vertical and multi-city and can be installed of-the-shelf by cities. There is no coupling between IoT Data providers and the dashboard (visualization providers), they work completely independent but as they speak the same language can interoperate. This is the example of what we are doing. This city dashboard demonstrator was presented during last Smart City Expo with great success. Our customers are about to install it in their production ready environments.
The Smart City customer is the citizen, protecting Smart Cities secure is protecting the citizen personal data and even personal safety.
IoT Security in Smart Cities has three principles:
Protect Citizen Privacy: Personal data leaking is a huge problem. Once privacy is lost, it is lost forever. What is seen, can not be unseen.
Privacy protection is not only about securing personal data records.
Utilities meters can give information about if you are at home or not, if you have a big family or live on your own …
Protect Citizen Safety: Public services and city infrastructure security incidents can generate significant issues or even personal damages.
A software bug closed down San Francisco’s subway system three years ago, temporarily trapping some riders underground
A researcher at a security firm blogged about how easy it was to hack into Washington, D.C.’s traffic signals, which lacked any security controls.
Secure Design: Smart Cities, as any IoT deployment, must be designed with security in mind. Including security afterwards , specially on large deployments, is costly and ineffective.
Last year, we learn the hard way that cybercriminals not only want to disturb IoT services but also to use IoT as a tool to launch DDoS attacks and blackmail victims.
Infecting a personal computer is heavy-lifting: sending a bad translated email, trick the person to open an excutable, bypass the antivirus and hope that the infected computer is connected when required.
Many IoT devices nowadays, like the IP cams that DDoSed Dyn DNS last year, have none of these barriers:
Availability: Devices that are permanently connected to the Internet, with a significant bandwidth.
Large number of devices:It is estimated that by 2020 there will be around 25 billion IoT devices connected to the Internet according to Gartner .
Insecure design: Some manufacturers do not pay attention to the most elementary rules of security.
Low maintenance: Usually no security maintenance is performed by the user, such as changing the default password.
Heterogeneity: there is a huge variety of devices, networks, app protocols, authentication methods and cloud platforms. Security measures cannot be generalized in all scenarios you must find the right approach.
Resources: devices, mainly in massive IoT deployments, are really resource constrained in order to fit cost and battery restrictions so classical IT approaches are not always right. New technologies like ECC certificates must be applied.
Identity: before devices can be managed, they need a unique identity that can be used to establish and ensure a secure communication channel. Selecting the right identity for each type device, bootstrapping that identity on the device and securely storing keys or certificates is an essential part.
Operation: managing these devices, being able to securely update its software, continuously monitoring its integrity, detecting compromised devices and being able to deactivate or erase its data.
IoT Security must be addressed in all product lifecycle stages and technical layers.
Operators as connectivity providers can leverage many network assets that can increase IoT solutions security.
GSMA Guidelines:
VPNs and private APNs can isolate devices from the Internet and secure the communication channel between the network termination and the IoT Platform datacenter.
Comms Monitoring: Monitoring traffic activity can detect, report and eventually block unexpected activity on the network. Communications Monitoring can detect suspicious patterns like unexpected destinations, strange payload sizes, not scheduled communication timetables, undesired locations. The most important thing is that these metrics can be obtained without any integration effort.
Network Authentication is successfully used in other business like carrier billing payments and can be a good alternative when using certificate mutual authentication is not suitable due to device constraints.
ElevenPaths is a Telefónica company focused on security. ElevenPaths creates innovate products in cybersecurity in order to provide the privacy and trust that our digital life needs:
Trusted PKI: Symantec Managed PKI with dedicated local support and analyst team
Vamps powered by FaasT: persistent pentesting
Security Monitoring: monitoring infrastructure logs and Smart m2m logs
CyberThreats: underground forums motorization for leaked credentials, planned attacks, phishing applications …
On early 2016 GSMA published the IoT Security Guidelines
These guides compile Internet of Things security best practices and recommendations from the mobile industry.
Each part of the guide is focused on a layer of the IoT technological stack.
Based on these guidelines the GSMA IoT Security workgroup led by Telefónica, Telit, and Intel published the IoT Security Self Assessment
The IoT Security Self Assessment helps Smart Cites
Design: A guidance in the in order to assess risks, decide the prevention measures.
Deployment: A checklist to validate the security measures that has been put in place
Onlife: A standard way to exchange security information in a common language.
Telefónica has been a pioneer on this and recently self-assessed its Smart City Platform and its managed connectivity platform Smart m2m.