From traffic lights to bins, across the world, internet-connected technology is being integrated across all manner of everyday city infrastructure. Smart city technology can provide cities with real-time information which can be analysed to offer insights into how people interact with the city. These insights can be used to make cities operate more efficiently and ensure that cities are responding to the changing needs of their citizens.
However, like any internet-connected device, smart city infrastructure runs the risk of being targeted by bad actors who wish to disrupt the operation of city life.
This blog post explores the extent to which smart cities are vulnerable to attack by hackers and considers the steps that can be taken to prevent them from being compromised by nefarious actors.
Connected and vulnerable
It’s an unfortunate fact of our increasingly more connected lives that as we connect more devices to the internet, we provide hackers with more opportunities to access our devices, compromise our networks, and gain access to personal information. In recent years, as we have added more Internet of Things (IoT) devices to our home networks, such as smart lightbulbs and thermostats, there is a chance we may be weakening the overall security of our networks. Experts have warned that these small IoT devices may not have the necessary level of sophisticated defences required to protect them from attack.
Naturally, as these devices normally perform relatively inconsequential tasks (such as turning on a lamp) and don’t tend to host a great deal of personal data, many consumers do not consider the danger they could pose if compromised. Research has found that hackers may be able to gain access to entire home networks through hacking a single IoT device. This can enable hackers to access other connected devices, such as a phone, which holds a large amount of personal data. This can allow hackers to steal personal data, covertly spy on unknowing users, and gain access to email/social media/bank accounts.
Therefore, as more small-scale infrastructure is connected to the internet, hackers will have more opportunities to take advantage of devices with lax security. In the context of smart cities, these vulnerabilities may be able to gain access to systems that operate critical city infrastructure.
Smart city vulnerabilities
A key component of the development of smart cities is the fostering of a network of interconnected devices which cover a wide variety of city activities and functions. Through collecting and analysing this data, cities will be able to improve the way they operate in real-time and better respond to the needs of citizens. As such, smart city technology will have to be integrated into systems as simple as a streetlight and as complex as the public transit system.
As previously discussed, IoT devices have varying levels of protection against hackers, and this is no different in the context of the smart city. Research conducted by UC Berkley found that small smart city infrastructure, such as CCTV systems and traffic lights, were more vulnerable to attack than more significant infrastructure, such as smart waste and water management systems. Vulnerabilities at any point of a network can allow hackers to gain access and potentially to compromise a more critical part of city infrastructure.
Recently published guidance from the National Cyber Security Centre (NCSC) indicated that smart cities are a target for hackers, and warned that if systems are compromised there may be “destructive impacts”. For example, if a hacker can gain access to a smart traffic management system, they may be able to take the system offline and create traffic gridlock across a city. This would cause mass disruption and prevent people from moving around, which could result in threats to public safety. As a result, ensuring smart cities are protected from bad actors will be crucial as more city infrastructure is integrated into smart internet-connected systems.
Protecting the smart city
Although smart cities will undoubtedly be a target for hackers, several actions can be taken to protect them from attack, and mitigations can be put in place to protect the wider smart city network if a single device is compromised. Ensuring that smart cities are designed with security at their core is vital. Adding on security at a later date will be ineffective and experts believe a “bolt-on” approach may pose more of a security risk.
Guidance from the NCSC sets out the importance of understanding who is supplying the infrastructure and being aware that some companies may have links to foreign governments who may wish to gain access to UK systems for nefarious purposes.
Key steps that the NSCS advise should be taken to protect the smart city include:
- Understanding the goal of the smart city and potential unforeseen impacts.
- Examining the threats posed to the smart city.
- Setting out the governance of smart city cybersecurity and ensuring staff have the correct skills.
- Understanding the role of suppliers in the delivery of smart city infrastructure and cybersecurity.
- Being aware of relevant legal and regulatory requirements (particularly surrounding data protection).
The development of smart cities may provide opportunities to create cities that are more efficient and responsive to the needs of citizens. Unfortunately, as more infrastructure is connected to the internet, hackers are provided with more opportunities to disrupt systems and harvest personal data. The levels of disruption and data will undoubtedly make smart cities an attractive target for bad actors.
Therefore, to reap the benefits of the smart city, it will be vital that security is at the core of the development of the smart city, and that local authorities ensure they have a clear understanding of who is responsible for cybersecurity.
If you liked this article you may also be interested in reading: