Every information and communication technology (ICT) professional knows, at least in a generic way, how and by what means their PC, smartphone or tablet gets and receives an Internet address to connect to the network thanks to computer protocols that are called IP, DHCP, NAT, etc. In general, the rest of the world, we simply turn on our electronic devices and go straight to surf the web of the newspaper we read every morning, or open the email to see what news brings our working day, without worrying or feeling the need to understand how they know “those of the Internet”, to which device they have to send me my emails or the news of the day.
However, and it is also something that most people will probably have heard at some point, your tablet or laptop has to receive an identifier known as an “IP address”: a number that has a special structure, divided into four segments, and that tells you something like, in order to locate you on the network, and to know who you are, you have been assigned an address of the type 82. 125.46.23, which, although it doesn’t tell most of us mortals much, is the most important piece of information that allows your e-mail server to send you all the pending mails from your boss that, since Friday, you haven’t checked and are now in bold in your inbox.
Knowing the structure of Internet address mappings
Now, how do you make sure that no two computers or smartphones mistakenly receive the same IP address and have the same identification number on the Internet? Basically it is thanks to an international organization called IANA (Internet Assigned Number Authority), located in the city of Los Angeles, in the United States, which is responsible for assigning lots of Internet addresses to regional organizations, which are called RIR (Regional Internet Registries).
These RIRs are like macro distributors of candy, they receive a batch from a global provider, literally, and distribute them in smaller bags to other organizations that depend on them. In total, there are 5 RIRs (one for Africa, one for South America, one for North America, one for Europe-Asia and one for Oceania). These RIRs have lots of candy (IP addresses) and, since they are responsible for making sure that no user goes without, they share the task of handing out identifiers to smaller, country-level agencies called NIRs (National Internet Registries) so that each country has its batch of addresses always available.
So the address that your tablet needs to connect to the network and be able to identify itself on it to read the latest posts on your favorite Reddit forum has passed through three “hands”, for the moment, because the NIRs, now, divide again the lots of addresses they have assigned and distribute them to smaller companies or institutions that are called LIR (Local Internet Registries). These LIRs are like the neighborhood store, which almost at street level allows you to buy whatever you want, with the difference that, in reality, they do not give you an address directly, but distribute them among the companies that provide your Internet connection at home (the ISPs or Internet Service Providers), which are those companies that advertise so much on TV so that you have fiber and mobile lines with them because they offer you 20 gigabytes of data more than the competition and a new cell phone every two years.
Now, as you already have a subscription with your ISP, and you have a router at home that offers you wi-fi connectivity for all the devices you have between you, your partner, the kids and what the company has given you, your ISP assigns to each of these devices through your router an IP address, which is that long number that is like the (temporary) DNI of your laptop and that allows you to navigate, This is that long number that is like your laptop’s (temporary) ID and allows you to browse, send and receive data, since your device is already identified with a unique number that all the other computers in the entire global Internet ecosystem will use when routing whatever is necessary for you to listen to music on Spotify or read this article on the sofa at home.
Static vs. dynamic addresses
On the other hand, it is important to mention that an Internet address can be assigned statically, so that it is always the same for a given device. This is usually done for Internet servers, among other important elements, so that we can always connect to them using the same identifying number. In general, for the rest of the user devices, our IP address can change, as it is dynamically assigned according to the ones our ISP has available at that moment.
Smart Cities: identifying our city on the network with a unique static Internet address
Cities do not have an Internet identifier specific to them. In fact, what would they use it for? Until now, a city did not have a presence as a “smart entity” on the Internet, but rather, it is simply the sum of its devices, sensors and technological systems connected to the network that make it a “smart” city. This, however, could change with the arrival and implementation of a myriad of “Smart” systems that are placed throughout the city to improve the functioning of all the city’s infrastructures and services.
If the thousands of sensors, systems, computers, peripherals and elements connected to the network within the geographic perimeter of a city had as a reference a single identity or global IP address assigned to it, statically, so that it would always be the same, wouldn’t it be easier to protect all its systems by then creating “private” networks within the virtual scope of the city as today we create networks at work or at home that are protected and managed with a single point of access through our router to our ISP?
Let’s say that the idea is not new, it has already been proposed in several international forums on cybersecurity over the last few years, but, applied to Smart Cities, it is something that has not been implemented to date. Let’s say that, in our Internet address allocation scheme that we have explained above, the NICs (national address allocation bodies), would deliver batches of IP addresses to each of the cities in the territory where they have jurisdiction. If it is Spain, then all smart cities in the country would receive a static Internet address that would be their global identifier in the network, and, somehow, all systems and devices that connect to the network within that city, would use that address as an access point, creating interior subnets that would contain the number of IP addresses necessary and more than enough for all devices of all residents, plus all elements of IoT networks, plus all services and enterprise servers, etc., would have access to the Internet. The difference, however, is that they would have the global identifier of the city to which they belong, and each Smart City would have its own address permanently assigned in the network.
Autonomous systems in the network
This mechanism is also not a novelty per se, since, at present, all the networks that make up the “network of networks” are grouped into what are known as Autonomous Systems (AS). An autonomous system is defined as “a group of IP networks that have their own independent routing policy”. This definition refers to the fundamental characteristic of an AS: it performs its own management of the traffic flowing between it and the other autonomous systems that make up the Internet. A number is assigned to each AS, in this case to each Smart City, which would uniquely identify its networks within the Internet. Therefore, the process of turning a Smart City into an autonomous system is technologically possible, giving each smart city a unique network identifier that allows the Smart City to become an autonomous ecosystem in itself.
Since Autonomous Systems communicate with each other through routers (somewhat larger and more capable than the ones we have at home), to connect our Smart City to the outside world, to other networks in other cities and to the rest of the Internet, we would simply follow the current information exchange protocols that special routers, called BGP (Border Gateway Protocol) use to keep their interconnection tables between systems up to date, exchanging Internet traffic going from one network to the other. In this way, the Smart City in turn becomes a small Internet, and the management role of this would be carried out by a single entity, typically a single Internet Service Provider (ISP) or a large organization with independent connections to multiple networks, which would adhere to a single, clear routing policy to always keep the city connected.
Cybersecurity benefits of the Smart City
Although it might seem complex to turn every Smart City in the world into an autonomous system within the network, the advantages for the cyber protection of the same increase substantially if we think that we could more easily monitor the incoming and outgoing data traffic of the entire city from a few routers and block hacking attempts of basic systems and infrastructures of this.
The mechanism would not work on the personal devices and private traffic of the city’s inhabitants, but on the sub-networks within the autonomous system of our smart city to which the city’s critical management systems, such as energy, water, emergency services, hospitals, etc., are connected. In this way, while traffic and private connections would follow the same path and connection protocols that our computers now use to access the network (but belonging to the autonomous system of our Smart City), those systems that regulate the functioning of the city would be under a greater umbrella of protection, and would be more difficult to access from outside the city, in the case of a cyberattack, say, from another country that tries to access critical infrastructure that our Smart City may host.
Now that we know the scope of highly professional groups prepared to carry out cyberattacks from the other side of the world, or even governments that routinely penetrate other governments’ systems, better protecting our cities and their infrastructures by turning them into autonomous systems within the Internet may be a way to keep at bay or minimize the damage that these attacks could cause. It is perhaps a matter of investigating in more detail the technological implementation of this type of solutions, and checking if their viability, security and robustness allows us to ensure the functioning of our city, no matter what attempts to alter its systems are launched against it.
