Imagine having the ability to turn on and off the street lights in any part of the city of Los Angeles (or throughout all of it) with the click of one mouse.
The city has a plan to attach GPS-enabled mobile chips to existing streetlights so that a city worker can remotely control what happens with them, such as turning individual lights on or off or visibly dimming or brightening them.
There are a number of perks to giving the system the Internet of Things (IoT) treatment—cost-savings, for one, in terms of monitoring energy usage and reducing it where it’s not needed. And, the system will alert the city when an individual light goes out.
"We'll be able to find out if a light goes out right away, as opposed to waiting for someone to call," Ed Ebrahimian, director of the city's Bureau of Street Lighting, told CNN. "It's really about customer service."
There’s also the ability to coordinate with LA’s 911 system, so that lights automatically turn on in an emergency.
"It opens the door to all sorts of smart city applications," said Ebrahimian.
Ken Westin, senior security analyst with Tripwire, told Infosecurity that the plan opens the door to all sorts of security concerns too. Consolidating the control of neighborhood lighting down to potentially one human being? I mean, really, what could possibly go wrong?
“Although they plan to use encryption and secure networks, there are additional considerations that should be taken into account, such as how the firmware in these lights will be updated,” Westin said. “Although the system may be ‘secure’ now, as the lights and network become more distributed they become a target for hackers who will identify vulnerabilities in the system and the lights themselves.”
Philips, which supplies the mobile chips, said the system has “banking-level” encryption technology and uses cell networks from mobile operators that are more secure than local networks and therefore should be a deterrent against hackers. Westin said that the city would need to go further than that.
“The choice of using a cellular network, although convenient as they do not need to lay cable, introduces additional vulnerabilities to the system,” he explained. “A cell jammer can block communication to the devices, and if networks are otherwise unavailable, can make these devices inoperable."
And then of course there will be a need to commit to security monitoring and maintenance.
“It is not clear if Los Angeles has allocated budget for continuous security monitoring of this system. The city will need to ensure that they are continuously monitoring for vulnerabilities in the system, as well as detection capabilities to identify potential compromises,” Westin said. “This cannot be a system that they ‘set and forget’ as there a number of moving parts in this system, and given the high profile of the system it makes it an appealing target for thieves.”