The application period for this challenge is now closed

  • Government Partner: City of Boulder
  • Department: IT Department
  • Category: AI/ML, Data Collection / Security, IoT

Project Summary

IoT network management machine learning protocols.

Challenge Details

Increase operational awareness and management of Internet of Things (IoT) devices connected to the City of Boulder’s network.
The City of Boulder’s Innovation and Technology (IT) Department is responsible for creating an environment of seamless integration between people and technology. This includes maintenance and management of the city’s information technology network shared by all city departments and facilities.

Currently, for traditional networked devices (e.g., desktop and laptop computers, tablets, phones, printers), IT acts as the central authority responsible for specifying, configuring, connecting, monitoring, and managing devices on behalf of its city customers. For more specialized “Internet of Things” (IoT) devices (e.g., building management, video surveillance, parking management, irrigation control, traffic control, industrial supervisory control and data acquisition [SCADA]), the department currently works with other city departments. There is shared responsibility for all aspects of device administration, including maintaining inventories, changing default configurations, and managing the lifecycle of the equipment. This is a purposeful policy meant to give departments greater flexibility in testing and implementing innovative technologies.

IT provisions IP addresses, network ports, and access control configurations for IoT devices and employs Nagios to monitor the connectivity of devices after installation. If IoT devices become unreachable, IT staff and responsible departments are notified. The process of IP addressing, network configuration, and monitoring must be configured manually for each IoT device, which creates an increasing burden on IT for proliferating devices owned and administered by other departments and their contractors.

IT’s current monitoring capability, when paired with the enterprise security safeguards in place, can effectively deal with unwarranted devices on or intrusions to the network as issues are identified. However, there is currently a burdensome process to inventory and monitor the entire network for all devices placed on it. If a device begins to behave oddly or is compromised in any way, IT may not know that until it attempts to interact with our network/network security.

More than 100 IoT-type devices are added to the City’s network each year, and both the rate of this growth and the diversity of devices added are expected to increase. At this point the city cannot match such growth with more personnel and network resources, so it requires a more sophisticated and scalable monitoring solution.

IT wants to explore a technical solution that would enable centralized, network-wide inventorying and monitoring of all devices on the city network. Further, IT is interested in an intent-based networking solution, a solution that uses indicators and/or artificial intelligence (AI) with automated features to address unknown or untrusted devices and abnormal behavior in known and trusted devices, diverting such devices to a separate network segment until they can be addressed by IT directly.

Key requirements of such a solution include:

Management and Oversight

• Maintain an up-to-date inventory of all IoT devices on the city network, including key device characteristics (e.g. make/model, version, warranties, replacement date, point of contact)

• Automate configuration and de-configuration of the monitoring/notification system for IoT devices as they are added and removed from the network, perhaps including a self-service component for city departments

• Dynamically aid IT and departments in proactively maintaining devices throughout their lifetimes, from initial deployment to replacement or decommissioning

• Gain greater leverage in administering devices commonly deployed on the network by different departments, looking for opportunities for more enterprise-level bargaining during purchasing and for greater deployment efficiency

Security

• Intent-based networking of devices as they are placed on the network, based on recognized features of each device, placing unknown or untrusted devices, devices that do not meet specified security criteria, and devices whose behavior changes or becomes unusual into separate networks until adequately assessed by IT

• A notification structure which alerts IT staff to the emergence of unknown devices and misconfiguration or abnormal behavior observed in known devices