Smart cities and IoT are here to stay. And going forward, with 5G, Elon Musk's satellites, laser internet, whatever system, and things like NB-IoT, LoRaWAN, microwaves and more, things will only become more vulnerable. And connected.
Hardware is hard. Margins can also be rough. Look at half the scams on Kickstarter and even crypto ICOs. Sell a vision to naive folks and never deliver anything real. Or deliver an insecure Raspberry Pi with no security features. The Intels of the world have vulnerabilities, let alone some fly-by-night company selling a $9.99 sensor.
Security is hard. It's not sexy. Nobody cares till they have to care. Plain text passwords, lack of security knowledge: it's easier and faster to just pretend security isn't real. Robinhood takes money from millennials and stores in plain text. Nice. Not really. But even the unicorns and hot companies get caught up in this "release faster, and who cares about the software development lifecycle and security processes" mindset. It is what it is, but it's real.
So what can be done about smart cities and IoT and this hatred for cryptography and encryption? The dislike of any cyber security protocols by the politicians, government agencies and law enforcement agencies? This is bad. People who seem to be very uneducated when it comes to anything related to technology are passing laws and pushing their own agendas or corruption.
Maybe it's not their fault. Maybe it is. Then again, transparency and real open data aren't a desire of any of these groups either. Somehow not wanting privacy and encryption, but needing it at the same time to hide their own secrets, is some massive weird unknown. It's a bit shady. And not good for anybody. Adding this hate for encryption to the Facebooks building their own private bank and bypassing encryption by just putting more controls on phones to collect and spy is a serious, serious issue.
So what can we do?
Well, for IoT and smart cities, encryption is useless if the devices are vulnerable. My company Pagarba does IoT and smart city vulnerability and pentesting. We do blockchain. From our perspective, a good idea and best practice, whether from Pagarba or another firm, is some form of IoT security audit. Perform a full end-to-end checks-and-balances assessment, where you assess the network, data and device inventory, data and device classification, and application and device flow mapping, along with a thorough risk and privacy impact assessment. At this juncture you can even add drone mapping for physical security assessments. All this to drive appropriate protection for your IoT community, organization and smart cities.