Try a hammer !
Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers. The microcontroller-grade Cortex M35-P CPU cores are aimed at embedded IoT devices that operate in public or areas where there is a risk someone will either crack open …
I presume that's a part of what they hope to defeat. Other microcontroller manufacturers include physical safeguards so one can't take a hammer or a gently wielded scalpel to a chip without destroying its contents making that attack vector non-viable.
That doesn't mean it cannot be done, as acknowledged in the article, but it does raise the difficulty and cost of doing that. It's a variation on security through obscurity; not worth the cost or effort.
That is the problem today, everybody claims about how insecure IT systems are, yet they want the cheapest possible components and software and won't pay even a penny for reasonable security.
Lighting is something that will be installed and remain in place for several decades (they have been updating our town - 30,000 residents, so not overly large - with new street lighting for about 5 years now, I'm not sure how much longer it will take, but I'm guessing another couple of years. Many of the lights being replaced are from the 1970s or earlier. They have done small upgrades over the years - as bulbs blew, they were replaced by energy saving bulbs and the new lamp posts use LEDs.
So the recoup on investment of 1p per lamp post over the amortization of a street lighting system is nothing. Although it would probably add a few hundred Euros to the price of the complete project, but again, chicken feed.
Towns and cities just don't have the budget to replace such systems on a biannual basis, so if they are going to use a smart system, it needs to be robust and secure, if it is going to last a couple of decades, before it can be upgraded again.
This post has been deleted by its author
What possible justification can there be for a "smart" streetlight?
A streetlight requires to be off or on. Conceivably it may be useful to have variable brightness according to ambient light. Those functions are easily handled by primitive electronics, stuff so simple and cheap that these days it's barely even worth making as a kid's kit. That does not need a CPU. It barely needs a few discrete semiconductors. The cost of components over an entire city is probably about 20p/lamp.
Ok, perhaps it would be useful for the streetlight to report its ON/OFF/dimmed state to a central system for a holistic power management view, but even that does not require anything more than a voltage signal: it could even be an analogue value peeled off a current shunt, if you wanted utter simplicity. Virtually no components required.
Surely no one is suggesting that a streetlight needs a processor? What could possibly be the point? What business case could justify the cost of complicating this and adding the expense of parts and maintenance?
Why do I get the feeling that some bunch of scoundrels is actually trying to sell the concept along with some overpriced and basically pointless kit (please tell me no one is suggesting putting SIM cards into streetlights so they can be centrally controlled)—yet another fatheaded solution that has no problem to solve?
There seem to be flashes of cleverness in the field of Internet of Shyte, but no sign of wisdom or common sense anywhere.
PS Am I right in recollecting an episode of Sarah Connor where they hack into the LA city system via a traffic light? Are we overlooking the possibility that by putting "smart" tech into places where it really isn't needed, we're just exponentially multiplying all the points of vulnerability in our civilisation?
"Ok, perhaps it would be useful for the streetlight to report its ON/OFF/dimmed state to a central system"
Bang. Now you need an Ethernet, 4G or even one-wire protocol connections back to a central point, which requires more than a dumb processor.
It's not about what you want to do but how you do it.
Do you want a custom protocol over a custom wire reporting back to custom software on the status of a bulb that you can switch on and off? Or do you just want to IP everything from the traffic lights to the streetlights to the road sensors and send all the info over the same wires from 10 different systems to one location where some larger computers can actually process it?
There is some sense to IoT. It's how you deploy it that matters (i.e. Ethernet chips are 10-a-penny nowadays, and you're already cabling to the thing and powering the electronic circuits - so PoE might well be cheaper than two separate cables - but if you just plug it into the city, you're an idiot. VLANs, RADIUS, port-isolation etc. are MINIMUM REQUIREMENTS).
But when a Raspberry Pi can be had, one-off, for £20 and is a 1GHz machine with gigabytes of RAM, Ethernet, Bluetooth, USB, Wifi, GPIO, etc. then I can't imagine that the IoT device side of things even figures in the expense of a town-level network. For a start, I bet it's MORE EXPENSIVE to buy a simple remote-controlled, timed, on/off switch that works on a streetlight than it is to buy some mass-produced, centrally-controlled, standardised thing.
The enemy of security is commodity and laziness. These kinds of devices are commodity, proven by the fact that you could knock one up, connected and with a SIM card (or eSIMs nowadays) and relay electronics, for less than the price of a little plastic cover in a certain shape.
The problem left is laziness. Don't just Ethernet your streetlamp and not even bother to secure it from attackers.
The problem with IoTing such infrastructure is the expected life of such things.
Around here the replacement cycle for lighting seems to be around the 50 year mark. So, with the current market, you get security updates for 2 years... In that time, given a reasonable sized city, you probably haven't upgraded 10% of the lights, so they'll be out of support before you've even managed to roll out the smartlighting system.
I'd prefer a simpler solution that doesn't offer security problems, if it is going to be running for decades. The "worst" they can do is tell you a light is on when its off or off when its on.
Variable brightness depending upon visibility - make the light brighter when there is thick fog or heavy rain.
I heard one story (can't find a link) about smart streetlights that texted taxi drivers when they detected rain to indicate that there may be an increase in demand for covered transport.
This isn't to say I don't basically agree with you, just have a couple of examples there of why you may consider smart tech in a streetlight.
Lots of things :
1. Potential failure of the light, current consumption too much
2. Actual failure of the light (no light coming when there should be a light)
3. With a small battery failure of power.
4. meshing together @night to only come on when there is a car /person near the road
5. Placing a pollution monitor on the light, and use this for active traffic management.
The local LED street lights here have very good time-keeping - even allowing for daylight saving changes
Compared to my MSF controlled clock - the street lights go off on the tick of midnight. I suspect they come on again long before dawn in winter - which is unlikely to be a light-sensing feature. Given the variable hours of daylight in the Northern Hemisphere it is likely to be a processor calculation - if not a remote control.
Are we overlooking the possibility that by putting "smart" tech into places where it really isn't needed, w't it e're just exponentially multiplying all the points of vulnerability in our civilisation?
Not everything needs to be connected 24/7 but it is the current 'on trend' thing to do at the moment.
The same goes for Electric Scooters. Supposedly...(wft?) Electric vehicles are a gazillion times more reliable than ICE powered ones yet all those Tesla's and now even a battery powered scooter coming out of India is connected 24/7 supposedly as a diagnostic aide. but... but... but.. isn't is soooooooo much more reliable then why does it need to be connected????
unless... (dons conspiracy tinfoil hat) it is part of various governments plans to track our every move.
- state monitoring ( lamp out for example ) -> auto service call
- environmental monitoring ( temperature / humidity / motion / vibration / position )
- traffic monitoring thru motion sensing (infrared/ radar)
- early earthquake warning system ( vibration sensing )
- impact monitoring. if some car hits the pole ...
- weather monitoring
- emergency services ( forced light-on )
- battery state ( for solar powered light fixtures )
- power outage detection ( street lights are on an always-on live feed . If the feed goes down a smart light can send a 'dying-gasp' signal alerting service.
There are plenty of scenarios and many are already implemented.
IoT does not necessarily mean it runs over Wifi. More often specialist mesh networks such as LoRaWan are used.
The sensor packages for such services are very small. A 9 axis accelerometer /positional sensor combined with a temp/pressure/hum sensor can do the job. All electronics can fit in a matchbox and costs less than 5$ in mass production. Why not do it ?
Lamp out will show up in reduced power usage. It won't get fixed until after someone reports it so no point. Environmental monitoring wont happen, not because of the expense but because the govt does not want to know. Google can monitor traffic already as can existing cctv. Early earthquake warning is defeated by traffic. Impact monitoring can be performed by the vehicle which hits it. Weather is only going to tell you what just happened. Emergency services would prefer things not to be changing weirdly. No need for diagnostics if there's nothing there. Battery state I like - have a bloke come out with a handle to hand-crank the mechanical charger on each pole. Power outage is just a bigger lamp out.
Okay you have a point: the biggest problem is it will be implemented by numpties. We already have solar powered road signs which spring out of nowhere (ie: come on) from darkness to dazzle a driver. Did nobody during any of the planning and implementation stop to think "sign in lit up area != sign in middle of nowhere".
Thank you for opening your mouth, and removing all doubt.
Smart street lights can do more than turn on or off.
They can also:
- Alert to electrical/mechanical problems (light will not come on for some reason)
- Change the color of the light (for celebrations, holidays, etc.)
- Be used to repeat other radio signals
- Provide outlets etc. for items such as cameras and signs
- Yada yada.
Now, guess what we're all thinking about you.
In fact I believe the whole of the Motorway and A road network use them.
Other countries power their street lights off a separate network but UK practice is to hang local street lights off of the nearest house supply, making control through the mains (used in other countries) unworkable.
What are they used for? So section of Mway can be gradually dimmed down when there's no one actually on them at 3am on midweeks. They can also report bulb or *gear" failure (or even impending failure) without waiting for some member of the public to phone in saying "Do you know...?"
The best systems fail safe. If the control fails it fails with light full on. then it's under the control of either a timer or photocell in the lamp.
And if councils insist on hooking this up to other systems where there is a way in there's someone likely to use it, if only for the s**t and the giggles.
Biting the hand that feeds IT © 1998–2019