Dec 05 2019

Wi-Fi Security: How to Secure Citywide Wi-Fi Networks

Wi-Fi security protocols for smart cities need to guard against rogue Wi-Fi networks and ensure strong encryption.

Wi-Fi access and citywide Wi-Fi networks are critical assets to smart cities and towns around the country.

However, that network availability comes at a cost, as public Wi-Fi networks are vulnerable to cyberattacks. Cybersecurity firm Norton calls free public Wi-Fi a “hacker’s playground for stealing personal information.” It doesn’t matter whether that free Wi-Fi is provided by the local Starbucks or city hall: They’re all hacker targets.

But a combination of strong encryption and implementation can make a big difference in how cities keep their citizens and visitors safe when they use public Wi-Fi networks.

“Even with weak encryption, you have to apply resources to break it,” says Ted Wagner, vice president and CISO of SAP NS2, a cybersecurity subsidiary of SAP. “A lot of time, cities get in trouble with poor implementation and configuration.”

Public-private partnerships can also help cities harness the power and expertise of tech companies to do the heavy lifting for them — and cut down on costs.

Strong Encryption Is the Starting Point for Safe Public Wi-Fi

As public Wi-Fi has gained prominence, so have stronger encryption options. Wireless Encryption Protocol (WEP), one of the first encryption schemes for protecting wireless networks, has proven to be insufficient to keep out determined attackers. Wi-Fi Protected Access (WPA) was built to replace WEP, but hackers exposed its flaws too.

The current standard, says Wagner, is WPA2, which uses the Advanced Encryption Standard (AES) combined with 802.11i. It is paired with RADIUS servers to manage the encryption architecture, since a RADIUS server uses a central database to authenticate remote users and is “a strong way to distribute the certificates as opposed to the wireless access point trying to distribute” them, Wagner says.

Wagner adds that city CIOs “also need to pay attention, do due diligence and double-checking” of their systems to make sure that city Wi-Fi stays secure. “I tell folks I don’t trust myself in my security controls. I like having a third party come in and check my math,” he says. “So, it’s important to be diligent.”

Wilfred Pinfold, chair of the ACM Emerging Interest Group on Smart Cities, and the CEO of Urban.Systems, says city Wi-Fi can be hacked because of something as simple as not changing default passwords on equipment or not keeping up with security updates and patches.

“There’s a lot of security breakdowns because things are forgotten and not done,” he says. “It’s a matter of discipline and care being taken in setting up your infrastructure. That goes for every piece of equipment on the network.”

Squashing Rogue Smart City Wi-Fi Networks

Captive portal authentication can help users tell a city’s Wi-Fi network apart from a rogue one through the landing page they reach when they try to access the network. The landing page for the public Wi-Fi system in Kansas City, Mo., for example, has both the city’s logo and that of Sprint, the city’s network partner. That way users “knew they were on the right network and didn’t log into a rogue network,” says Bob Bennett, chair of the Cities Today Institute and former chief innovation officer of Kansas City.

But these pages can easily be cloned, and hackers can insert code into the website itself, says Wagner. A stronger option is “more pure authentication process on both sides,” he says. 

That can be done through 802.1X, which adds a layer of user-authenticated security and establishes a tunnel from that user to the access point. Cities can also use PKI certificates, which provide fully automated and secure connections. Pinfold says this is the most common mechanism for public encryption. In this system, X.509 PKI certificates uniquely identify end users and devices.

These encryption technologies “let us do that quite simply and seamlessly, and we should be using them more,” says Pinfold.
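
The monitoring side of this section, as an added example that is not from the article or from any city's tooling: it audits wireless scan results for beacons that advertise the city's SSID but do not match the access point inventory or have dropped below WPA2 with 802.1X. The SSID, BSSIDs, channels, security labels and scan data are all constructed.

```python
from dataclasses import dataclass

# All values below are constructed for illustration (hypothetical city network).
CITY_SSID = "CityFreeWiFi"
REQUIRED_SECURITY = "WPA2-Enterprise"  # WPA2/AES with 802.1X and RADIUS
# Inventory of authorised access points: BSSID -> assigned channel.
AUTHORIZED = {"02:00:00:aa:00:01": 1, "02:00:00:aa:00:02": 11}


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str
    channel: int


def audit(beacons):
    """Map each suspicious BSSID advertising the city SSID to its findings."""
    findings = {}
    for b in beacons:
        # Compare SSIDs loosely so padded or re-cased lookalikes are still checked.
        if b.ssid.strip().casefold() != CITY_SSID.casefold():
            continue
        bssid = b.bssid.lower()
        reasons = []
        if bssid not in AUTHORIZED:
            reasons.append("unknown-bssid")
        elif AUTHORIZED[bssid] != b.channel:
            # A known BSSID on the wrong channel can indicate a cloned address.
            reasons.append("channel-mismatch")
        if b.security != REQUIRED_SECURITY:
            reasons.append("security-downgrade:" + b.security)
        if reasons:
            findings[bssid] = reasons
    return findings


# Constructed scan results, e.g. as exported from a wireless survey tool.
SAMPLE_SCAN = [
    Beacon("CityFreeWiFi", "02:00:00:AA:00:01", "WPA2-Enterprise", 1),
    Beacon("CityFreeWiFi", "02:00:00:aa:00:02", "WPA2-Enterprise", 6),
    Beacon("CityFreeWiFi ", "02:00:00:bb:00:09", "Open", 6),
    Beacon("CoffeeShop", "02:00:00:cc:00:01", "WEP", 3),
]

if __name__ == "__main__":
    for bssid, reasons in audit(SAMPLE_SCAN).items():
        print(bssid, ", ".join(reasons))
```

Because a BSSID is just an advertised address, a clean audit result does not prove an access point is genuine; it complements the certificate-based 802.1X authentication described above.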

Public-Private Partnerships Can Combat Public Wi-Fi Security Risks

Cities trying to set up and run their own public Wi-Fi networks are often at a disadvantage, simply from a talent perspective. “They really struggle to compete for the best talent and to have the right resources and budget to do upgrades,” says Bennett.

That’s why many cities are partnering with big tech. Public-private partnerships are the dominant business model for procuring and operating public digital communications networks, according to a study presented at the International Conference on Theory and Practice of Electronic Governance this year.

It’s not just about saving money; it puts the experts in charge of security of these networks, which is their normal line of business.

When Kansas City offered public Wi-Fi across a 54-block area in downtown Kansas City, the city did so with Sprint, which owns and operates the network. Sprint “had higher levels of security than anything I could have done with public sector management,” Bennett says. He added that these partnerships are of interest to tech companies because being part of citywide Wi-Fi can demonstrate their ability to be good corporate citizens too.

5G’s Potential for Secure City Wi-Fi Networks

While Wagner says methods like Hotspot 2.0 protocols, an industrywide accepted approach to making Wi-Fi roaming seamless, can work, he says that the market is moving to 5G, which was a common subject at this year’s Consumer Electronics Show. “A lot of people are very excited about 5G. It may come in at a price point that would be competitive with Wi-Fi,” Wagner says.

Cities are also looking at leveraging existing 5G infrastructure like that being built by Verizon and AT&T. “5G holds great promise against traditional wireless service,” Wagner adds.

Bennett says people in state governments are already looking beyond 5G, and talking about 6G and 7G too, especially since cities are “probably going to build a network and set an infrastructure that can last 30 years,” he says.

Why Public Wi-Fi is Crucial for Smart Cities

The security risks that public Wi-Fi presents aren’t a reason to ditch them altogether, says Wagner. They offer too many possibilities for smart cities and help local economies. According to the National League of Cities, cities with economies based around digital technologies are more likely to have lower unemployment and poverty levels, and an urban area’s median income level and gross domestic product per capita correspond to the strength of its internet sector.

Not only does public Wi-Fi power Internet of Things devices that provide data for better decision-making, but public Wi-Fi is also seen by government as a way to help cities and states address infrastructure gaps and help them prepare for natural disasters. It can help address income inequality by providing internet access to citizens who may not be able to afford it otherwise.

“We don’t want to leave large swaths of our population without this access to the internet and the technology and capabilities that it brings,” says Wagner.

“The reason we went with Wi-Fi was not just so my daughter could upload her Instagram posts from downtown, which is still a cool thing,” says Bennett. It was for “a whole set of my population that doesn’t have access to the internet. Now those Johnnys and Janes can do their homework at home, and that’s a good thing.”
