Q&A: Avaya Chief Technologist Jean Turgeon on Securing the Smart Cities of the Future

How are vendors like you linking IOT with security? What are the challenges?

To address and enhance security as part of a Smart City initiative, many devices, such as cameras, sensors, wearables, etc., need to be deployed and implemented. All these require connectivity at the edge of the networking infrastructure. Of course, carrier wireless will play a key role in this, but many will require connectivity to the city infrastructure. Even the carrier-connected devices will likely have to connect securely back to some common analytics infrastructure securely.

All these are what we refer to as edge devices, which is what the Internet of Things (IOT) or Internet of Everything (IOE) is all about. The challenge is how to securely connect all these devices at the edge of my city network, and connect securely the ones through a carrier or third-party infrastructure?

This means we need much more agility to add tens of thousands of devices to a network that, in the past, would require multiple physical networks to scale and not compromise security. IOT and security, as well as scalability and reliability, all need to be seriously evaluated. What is the point of deploying IOT if it cannot scale, is not secure and not reliable? That wouldn’t be too smart, would it?

In the end, it converges to the need for next-generation architecture to address the next-generation Smart Cities needs. You can’t remain with a 20- or 25-year-old client/server architecture. This architecture allows IP hackers, once through your firewall, to instantly gain visibility to your entire network thanks to IP hopping.

Unfortunately, many vendors are trying to fool the market by renaming and shifting complexity from one place to the other and hoping customers will not notice.

Due diligence is definitely required to achieve these objectives. The good news is that there is a solution to this: a next-generation matrix architecture based on Ethernet transport and optimized for IP services, regardless of their connectivity methodology. This approach literally makes your entire network invisible to hackers.

Avaya introduced SDN Fx for that exact reason, to scale, enhance security, deliver best-in-class reliability and provide the best foundation to Smart Cities and IOT/IOE.

Using this technology, we’ve demonstrated nearly 15,000 cameras running over a single converged infrastructure with one protocol, experiencing 500ms or better recovery times. This is the kind of infrastructure shift Smart Cities require to save lives, enhance resident experience, and enable new services the community will benefit from.

From your travel around the world, how do you see governments looking at national security from an IT perspective?

Cybersecurity is top-of-mind for governments now, and into the foreseeable future.

In fact, I am sure many are starting to reconsider corporate support for BYOD, and certainly SDN, where open code architecture is being promoted and expected to help drive business agility. From a more fundamental security point of view, governments and enterprises are very concerned about anyone penetrating their corporate networks and assets, which exposes their intellectual property and of course, potential citizens and customer information.

Therefore, seeking solutions that reduce the ability for hackers to gain access and visibility of their IP infrastructure and topology tops the minds of decision makers in the private and public sector.

There are solutions out there that can assist, however, they require a shift in mindset and a transition from legacy architecture. Customers need to urgently open their minds and quickly evaluate what’s on offer. The key to a viable solution is to embrace an ecosystem of technology to address these needs.

No one vendor can do this on their own, which reenforces the need for an open architecture away from proprietary schemes. The good news is that there are solutions out there, the bad news is that if private and public enterprises are looking at the same vendors that built their networks 20 years ago proclaiming they can do it all, this approach will fail.

My recommendation is for them to open their minds to an open architecture, and yet controlled with accountability from specific technology experts, which will provide pieces to the puzzle. This is clearly very complex and challenging.

You’ve traveled around the Middle East. What tops the mind of public safety owners, and what can you tell us about their vision and their challenges?

For the last year, I’ve met most of public safety owners in the region and my observation is that public safety and potential exposure related to it, tops the agenda in the Middle East. The issue is that while most look at “emergency services response” as the best answer for public safety, the current emergency response centers have shockingly serious limitations.

With mobile devices being the main mode of communications, you may want to ask if legacy PSAP systems can locate users in the event of an emergency. The traditional model was not built with mobile devices in mind, and hence, it was easier to tie a location to a hard phone in your home or office. Today however, numbers are associated with a person and not with a location, or even a device. Where is that person located, and how can he or she be helped in crisis?

I have been pleasantly surprised with some areas in the region where applications have been developed to provide instant location services as the person in crisis dials for emergency. Without getting into details, this means some systems have already established both a voice and data channel, allowing location to be immediately sent to a central command, as the individual dials for emergency. This is very positive to see, but, as you can imagine it is not broadly implemented in all countries. Some are clearly lagging behind.

In addition, the next step is to take full advantage of the multimedia capabilities and also enable a discrete video channel when dialing for emergencies.

One benefit of the data channel through simple functionality is SMS; this means a video can be pushed to the person in crisis. Imagine someone having a heart attack in a restaurant right next to you. You are not CPR trained; what do you do?

What if the emergency services operator could instantly forward you a video showing how to perform CPR? This can save a life. What if someone was trying to rob a bank, what if your mobile device could be instantly converted into a video surveillance input for the emergency response team to have a live video feed of the situation as they are en route to the bank?

This is what I call “Smart Safety,” and the use cases are unlimited. Smart Safety is now live in many parts across the world and the region, but there is a wide opportunity to progress and make it consistent across countries.

Do smart cities create security challenges? What are they?

I think it is the opposite, if they are truly implementing a “Smart City” solution. Smart City is more than just enabling Wi-Fi services. My observation is that there is a new trend taking shape: while Wi-Fi is certainly one of the services, part of most Smart Cities initiatives that I am seeing are adding video surveillance and analytics in very large scale, which is quite difficult when using a legacy infrastructure.

As governments provision all these new capabilities and services to their smart cities, they will have to review their infrastructure to be able to scale and meet the real-time analytics requirements.

They would also have to consider adding sensors technology to address various needs contributing to making the city safer. As an example, if the city uses natural gas, they may want to implement sensors to detect the flow and potential leaks of gas throughout the city to quickly react to a potential issue. For instance, governments can leverage video surveillance analytics to be able to intelligently track an Emergency Response Vehicles and control the lights and reduce the time to destination and collision potential.

In many cities around the world, street lights are a source of wasted energy, which can be remotely controlled throughout the night depending on cars and people traffic intensity. By leveraging real time analytics, this can be easily achieved, reducing electricity consumption without compromising residents or visitors security.

There are many examples like this, but I would summarize in saying, Smart Cities will improve security as opposed to augment or create security risks if properly implemented.

Nations have different visions of what Smart Cities are. What is a Smart City from your perspective?

Smart Cities are about enabling new services to better service your population. This is about making your city safer, offering new services while enabling consumers to use to drive net new revenues or in some cases focused only on providing a better experience to visitors and tourists.

If residents feel safe, get best-in-class services, and feel their city is at the forefront of offering new services, they will be happier and they will share their feelings with others and especially on social media.

In the Middle East we refer to the “Happiness Index.” Smart Cities are all about delivering on that objective. It is about providing best-in-class services, making governments and cities stand out from other destinations around the world.

People have many destinations to choose from. They can live anywhere. Would you want to live in a city not committed to improving the population quality of life? All of these define what Smart Cities are all about. Drive the “happiness index” to new levels and have the world know about your city being the best, most secure and interesting city to visit and potentially move to.

From a technical perspective, how can governments make their cities safer?

Cities have to move to a different architecture model to support next-generation “Smart-X” services. The legacy client-server model has served us well, but over the past 25 years, have increased in complexity and made reliability a huge challenge due to complex protocols required to address all of these business needs.

Related Articles:

Benefits of Deploying the Avaya Surge™ Solution for Any IP Network

The Avaya Surge™ Solution is designed to work in an SDN Fx fabric environment. But many companies don’t have the luxury of deploying a full Ethernet fabric before they deploy their IoT-based applications. Avaya Surge release 1.0.1 (November 2016) added support for non-fabric IP networks.

The Surge IoT Controller works essentially the same way as in the SDN Fx fabric deployment, except the Open vSwitch on the Open Networking Adapter can’t automate network provisioning. Therefore, the VLANs must be configured manually on the network. The solution still provides centralized inventory, white list profiles, flow filtering, and a single pane-of-glass status for all Open Networking Adapter-enabled IoT devices. Without the SDN Fx fabric infrastructure, segmentation is limited to VLANs that aren’t stealthy and mobility requires manual network service set-up and tear-down. For environments where devices are static, the IP-only version of Avaya Surge may suffice until a full fabric can be deployed.

The risk profile of IoT doesn’t lend itself to “good enough” solutions for long. When a company’s network and data are compromised, less than best practices will be criticized in the media, in the court room, and, as in the Yahoo case, impact executive pay. Avaya Surge Release 2.0, scheduled for the second quarter of 2017, adds IPSec encryption and tunneling to an IP-only deployment. (IPSec will be available for SDN Fx deployments as well.)

A HyperSec gateway is deployed to coordinate the IPSec functionality with the Open Networking Adapters. The HyperSec gateway terminates the IPSec connection from the Adapters and directs the data to the correct VLAN to reach the target application server. Return data is encrypted and sent to the appropriate Adapter, which terminates and forwards the data to the IoT device. The addition of the HyperSec gateway adds encryption to the data on the network, while adding mobility to the solution. The Adapter is able to dynamically create the IPSec tunnel to the HyperSec gateway, reducing manual network management.

The HyperSec gateway is deployed as an active/standby pair. Each Adapter will be set up with primary/secondary tunnels. If the primary is not available, the Adapter will communicate over the secondary tunnel to the HyperSec gateway. The HyperSec cluster is headless. Configuration information is maintained in the Surge IoT Controller. This greatly simplifies scale-out clustering of the HyperSec gateway.

I will blog more about the HyperSec solution closer to availability. Keep in mind that you can get started with Avaya Surge on an IP network today and add IPSec when it becomes available. Also, it is not an all-or-nothing solution. Critical IoT components and services go through the HyperSec gateway and less critical and stationary workloads are deployed with IP and VLANs. Furthermore, SDN Fx fabric can be incrementally added to portions of the IoT portfolio to gain the value of hyper-segmentation, native stealth, and automatic elasticity.

Look at all of this through a different lens. I was talking to a friend, an intellectual property rights attorney, about the exposure that companies face from data breaches. It was one of those conversations where he wanted to know more about the technology and I was curious about his perspective as someone who makes money from a company’s problems. He was especially interested because legal firms are getting $500K to $2.5M for a simple breach defense. When looking at these numbers, I think that even if a company isn’t found culpable in a data breach, they could spend a lot of money in defense. So, it’s probably best to invest in the infrastructure to deploy IoT projects in a safe and sane manner.

In my recent blogs about the IoT, I’ve looked at how the IoT enables Digital Transformation and examined a business-first approach to IoT technology adoption. Then I looked at how Avaya’s SDN FxTM provides a foundation for a safe and sane IoT deployment. Finally, I introduced the Avaya Surge™ Solution, which extends network fabric to IoT devices and provides centralized device management, protection, and flow filtering.

Avaya Surge™ Solution Makes Securing the IoT Easy for All Devices

Let’s explore how you can manage thousands of IoT devices while protecting your network and data from unnecessary risk. Often, we think newer devices will be more secure than older ones that were network-enabled before the current threat profile. However, Gartner predicts devices will remain unsecured for quite some time. The Avaya Surge™ Solution makes securing the IoT easy for all devices.

Avaya Surge, recently named a 2017 Gold Edison Award winner, consists of an IoT controller and an Open Networking Adapter, which is a proxy for IoT endpoints and provides the programmable security for insecure devices.

Key Attributes of Avaya Surge

  • Automated onboarding of IoT devices
  • Inventory reporting, including real-time status
  • MAC-based device security
  • Traffic flow filtering
  • Tight integration with Avaya SDN Fx (but works with any IP network)
  • IPSec encryption and tunneling in release 2.0 (coming in the second half of 2017)

How Avaya Surge Works

  1. An Open Networking Adapter is paired with an IoT device on the IoT controller by matching the serial number of Adapter (or QR code) to the MAC address of the IoT device. The IoT Controller sees the Adapter/IoT device as an inseparable pair and manages the IoT device through the Adapter.
  2. The IoT device is connected to the Adapter which is connected to the edge switch (plug RJ45 connectors together).
  3. The Adapter uses DHCP and DNS to locate the IoT Controller. The Adapter negotiates security keys with the IoT Controller and the onboarding process begins.
  4. The IoT Controller looks up the profile identified for the device type connected to the Adapter and down loads it to the Adapter. The profile contains network configuration, service requirements and allowable flows.
  5. The IoT device establishes connection to its application server and the Adapter begins monitoring network traffic.

Key Operational Benefits of Avaya Surge

  • The Adapter doesn’t retain profile information through a power cycle. If an Adapter is disconnected from the network or loses power, data in memory is lost. When power is returned, the Adapter must connect to the IoT controller to get its profile to function. Avaya Surge will indicate the Adapter/IoT device has lost network connectivity. Without a valid registration, the Adapter does nothing. Network or profile information can’t be learned from a stolen Adapter.
  • The Adapter is based on white list security. When the Adapter boots, it doesn’t allow traffic from the IoT device. The profile provides a white list of approved devices and flows. For instance, if the only IP addresses that an IoT device is supposed to contact are its application server and network services (DHCP, DNS, etc.), the Adapter will block all other traffic. This prevents a compromised device from infecting its peers.
  • The Adapter has a learning mode. A profile can be complex to create. Therefore, the Adapter can be set to accept all traffic and mirror it to the IoT controller. The IoT device operates normally with Avaya Surge cataloging the traffic. This allows the IoT device to operate normally under the supervision of IT staff. When adequate time has passed (dependent on device operation), the captured traffic is converted to a reusable profile that becomes the standard for all like devices. The Adapter is taken out of learning mode, updated with the new profile, and a new device has been added to the network—safely and sanely. Under normal circumstances, the IoT Controller receives reports only from the Adapter and isn’t in the data path.
  • The profile stops MAC spoofing. If all the Adapter did was lock down a MAC address, an antagonist could disconnect the IoT device and connect a computer with the same MAC address. Technically, the Adapter will allow this to happen. However, as soon at the antagonist tries to do something that the IoT device isn’t normally allowed to do, the Adapter will block the traffic and report an abnormal flow attempt to the IoT Controller. One of the issues with IoT is many devices can’t be physically secured and are susceptible to tampering. Avaya Surge addresses this challenge.
  • The inventory addresses all use cases. IoT devices will be deployed within an organization across many use cases and application stacks. For example, a facility may have point-of-sale terminals: CCTV cameras, HVAC sensors and controls, security key pads and door controllers, medical devices, robots, assembly stations, and more. Each of these is deployed with its own application servers with device status monitoring and inventory management. Avaya Surge provides network IT with a single pane status for all IoT devices that are secured with Adapters within the infrastructure.
  • Avaya Surge supports device mobility. Devices can be automatically moved from one network port to another. The Adapter contains OVS 2.4 code, including support for Auto-attach (IEEE 802.1Qcj). Auto-attach provides the ability for the Adapter to signal Avaya Fabric Attach to create the required services on the edge switch, such as VLAN and ISID mapping. If a device needs to be moved, a technician would simply unplug the Adapter from the switch, move the device and Adapter to the new location, and plug the Adapter into the new port. When the Adapter is unplugged, the Adapter loses its profile and the SDN Fx network disables the services to the old port. When the Adapter is reconnected, it contacts the IoT Controller to get its profile and the OVS requests the services be provisioned on the new port. Within a couple of minutes, the IoT device is functioning in its new location and the move has been done safely, sanely and without Networking IT involved. Note that networking IT would have been notified when the Adapter was disconnected and reconnected through the Avaya Surge dashboard.

In my recent blogs about the IoT, I’ve looked at how the IoT enables Digital Transformation and examined a business-first approach to IoT technology adoption. Then I looked at how Avaya’s SDN FxTM provides a foundation for a safe and sane IoT deployment. Next in this blog series, I’ll explore deploying Avaya Surge in a non-SDN Fx IP network.

Secure IoT Deployments with Avaya SDN Fx™ Architecture Solutions

Let’s look at how to deploy the IoT in a safe and sane manner—a top-of-mind business challenge. Before diving into the technology, let’s remember why secure IoT deployments are so important. The Yahoo breach is a lesson learned: Yahoo CEO Marissa Mayer lost $12M in bonuses over the Yahoo data breach and Yahoo paid $16M to investigate the breach and cover legal expenses as of March 2, 1017. It’s clear that the cost of not building a safe infrastructure is much more than the cost to build one.

Software Defined Networking (SDN) is sometimes over-hyped. At a base level, separating the control plane from the data plane makes sense (if one understands the definitions of a data plane and control plane). In a practical sense, it means the network infrastructure doesn’t need to be managed on a node-by-node basis (i.e., logging into network devices on each end of the cable to make complementary changes to configure a network link). This is where SDN can be over-hyped. The SDN solution automates the process of making the changes to each end of the cable, making the network easier to manage. But, it doesn’t reduce the complexity, increase the resiliency (other than reduce outages due to typing errors), or make it easier to troubleshoot or expand.

Avaya SDN FxTM Architecture is based on fabric, not network technology. The architecture was designed to be managed as an entity of subcomponents and not a bunch of nodes that are interconnected to create a larger entity. In other words, it’s like designing something to manage a forest, as opposed to managing the trees. Would you really want to manage a forest one tree at a time?

How SDN Fx Architecture Benefits the IoT

Although the SDN Fx network architecture wasn’t specifically designed for the IoT, it works well for providing a solid foundation to deploy IoT solutions. These are the key components of the SDN Fx Architecture that benefit the IoT:

Avaya Fabric Connect is Avaya’s implementation of Shortest Path Bridging (SPB/IEEE 802.1aq). SPB replaces the traditional network stack, greatly simplifying network configuration, management and security. Three key benefits of Fabric Connect apply directly to IoT deployment use case:

  • Hyper-Segmentation: SPB supports 16 million+ network segments. In theory, every IoT device on a network could have its own segment. More realistically, every device type can have its own segment. For instance, HVAC could be one network, security cameras could be on another, employees on a third, guests on a fourth, etc. It’s worth noting that the NSA sees segmenting IoT networks as a key to limiting exposure of IoT deployments. (In my next blog, I’ll examine how Avaya solutions provide security between devices on the same segment.)
  • Automatic Elasticity: Services in SPB are provisioned at the edge without touching the core of the network. This makes it very straightforward to provision network services for the hundreds or thousands of IoT devices that the business wants up and running yesterday. Plus, edge provisioning makes moving devices simple. When a device is disconnected from the network, the network service to that port is disabled and eliminates open holes in the network security. When the device is connected to the same or different port, the device is authenticated and services are automatically configured for the port.
  • Native Stealth: SPB operates at the Ethernet, not the IP layer. For example, if a would-be hacker gains access to one segment of a traditional network, they can go IP-snooping to discover the network architecture. A traditional network is only as secure as the least secure segment/component. With Fabric Connect, if a security loophole is overlooked in a less important network project, there isn’t a back door to access the rest of the network and the corporate data.

Avaya Fabric Extend provides the ability to extend an SPB fabric across a non-fabric network, such as IP core, between campuses over Multiprotocol Label Switching (MPLS), or out to the cloud over WAN. IoT deployments enable the phased adoption of SDN Fx so that IoT projects can gain the values above, without ripping and replacing significant network infrastructure or affecting non-IoT workloads.

Avaya Fabric Attach automates the elasticity of the SPB fabric for IoT devices and other devices supporting Automatic Attachment (IEEE 802.1Qcj). Fabric Attach allows the device to signal the network that it needs in order to connect to a service. If the device is authorized, the service is automatically provisioned. When the device is disconnected, the service is terminated. If the device is moved to a different network port, the service will be provisioned automatically to the new port. This makes deploying and moving Fabric Attach-enabled devices very simple. For a real-world example, see how Axis Communications is starting to deploy Fabric Attach in their IoT devices.

Avaya Open Networking Adapters—an Open Network Adapter is a small device that sits in-line with an IoT device to provide programmable security for IoT devices that lack adequate network security. One component of the solution is Fabric Attach, which provides automated service provisioning and mobility to devices that don’t have the auto-attach capability. (I’ll explore more about the power of Open Networking Adapters in an upcoming blog.)

The Avaya Identity Engines Portfolio provides powerful tools for managing user and device access to a network, commonly referred to as Authentication, Authorization, and Accounting. In the IoT use case, Identity Engines authenticate a device by MAC address or MAC address group and use predefined policies for the device type to dynamically configure services. For instance, a camera could be assigned to Video VLAN 30 and provisioned for multicast, while a phone would be authenticated, assigned to VLAN 20, and configured for SIP communications. This provides security for unauthorized devices joining the network and provides automatic segmentation based on device type and service requirements.

I’m not sure if there ever was a time when network design and implementation was static, but there was a time when the devices connected to the network could be predicted: servers, printers, storage, PCs, etc. With IoT, IT is being asked to design networks for devices that haven’t been thought of yet. The old network technologies were designed for mobility by work order, and IT was able to list the number of device types that wouldn’t work on the network. SDN Fx provides a true software-defined network and not software-defined automation on old network constructs. A fabric network has the intrinsic flexibility and security required for tomorrow’s IoT projects, today.

In my recent blogs about the IoT, I’ve looked at how the IoT enables Digital Transformation and examined a business-first approach to IoT technology adoption. Next in this blog series, I’ll explore the newest component of the SDN Fx solution for the IoT, the Avaya Surge™ Solution.