Are smart cities at risk from hackers?

From traffic lights to bins, across the world, internet-connected technology is being integrated across all manner of everyday city infrastructure. Smart city technology can provide cities with real-time information which can be analysed to offer insights into how people interact with the city. These insights can be used to make cities operate more efficiently and ensure that cities are responding to the changing needs of their citizens. 

However, like any internet-connected device, smart city infrastructure runs the risk of being targeted by bad actors who wish to disrupt the operation of city life. 

This blog post explores the extent to which smart cities are vulnerable to attack by hackers and considers the steps that can be taken to prevent them from being compromised by nefarious actors. 

Connected and vulnerable

It’s an unfortunate fact of our increasingly more connected lives that as we connect more devices to the internet, we provide hackers with more opportunities to access our devices, compromise our networks, and gain access to personal information. In recent years, as we have added more Internet of Things (IoT) devices to our home networks, such as smart lightbulbs and thermostats, there is a chance we may be weakening the overall security of our networks. Experts have warned that these small IoT devices may not have the necessary level of sophisticated defences required to protect them from attack. 

Naturally, as these devices normally perform relatively inconsequential tasks (such as turning on a lamp) and don’t tend to host a great deal of personal data, many consumers do not consider the danger they could pose if compromised. Research has found that hackers may be able to gain access to entire home networks through hacking a single IoT device. This can enable hackers to access other connected devices, such as a phone, which holds a large amount of personal data. This can allow hackers to steal personal data, covertly spy on unknowing users, and gain access to email/social media/bank accounts. 

Therefore, as more small-scale infrastructure is connected to the internet, hackers will have more opportunities to take advantage of devices with lax security. In the context of smart cities, these vulnerabilities may be able to gain access to systems that operate critical city infrastructure. 

Smart city vulnerabilities

A key component of the development of smart cities is the fostering of a network of interconnected devices which cover a wide variety of city activities and functions. Through collecting and analysing this data, cities will be able to improve the way they operate in real-time and better respond to the needs of citizens. As such, smart city technology will have to be integrated into systems as simple as a streetlight and as complex as the public transit system. 

As previously discussed, IoT devices have varying levels of protection against hackers, and this is no different in the context of the smart city. Research conducted by UC Berkley found that small smart city infrastructure, such as CCTV systems and traffic lights, were more vulnerable to attack than more significant infrastructure, such as smart waste and water management systems. Vulnerabilities at any point of a network can allow hackers to gain access and potentially to compromise a more critical part of city infrastructure. 

Recently published guidance from the National Cyber Security Centre (NCSC) indicated that smart cities are a target for hackers, and warned that if systems are compromised there may be “destructive impacts”. For example, if a hacker can gain access to a smart traffic management system, they may be able to take the system offline and create traffic gridlock across a city. This would cause mass disruption and prevent people from moving around, which could result in threats to public safety. As a result, ensuring smart cities are protected from bad actors will be crucial as more city infrastructure is integrated into smart internet-connected systems. 

Protecting the smart city

Although smart cities will undoubtedly be a target for hackers, several actions can be taken to protect them from attack, and mitigations can be put in place to protect the wider smart city network if a single device is compromised. Ensuring that smart cities are designed with security at their core is vital. Adding on security at a later date will be ineffective and experts believe a “bolt-on” approach may pose more of a security risk. 

Guidance from the NCSC sets out the importance of understanding who is supplying the infrastructure and being aware that some companies may have links to foreign governments who may wish to gain access to UK systems for nefarious purposes. 

Key steps that the NSCS advise should be taken to protect the smart city include:

  • Understanding the goal of the smart city and potential unforeseen impacts.
  • Examining the threats posed to the smart city.
  • Setting out the governance of smart city cybersecurity and ensuring staff have the correct skills.
  • Understanding the role of suppliers in the delivery of smart city infrastructure and cybersecurity.
  • Being aware of relevant legal and regulatory requirements (particularly surrounding data protection).

Final thoughts

The development of smart cities may provide opportunities to create cities that are more efficient and responsive to the needs of citizens. Unfortunately, as more infrastructure is connected to the internet, hackers are provided with more opportunities to disrupt systems and harvest personal data. The levels of disruption and data will undoubtedly make smart cities an attractive target for bad actors.

Therefore, to reap the benefits of the smart city, it will be vital that security is at the core of the development of the smart city, and that local authorities ensure they have a clear understanding of who is responsible for cybersecurity. 


If you liked this article you may also be interested in reading:

Smart Chicago: how smart city initiatives are helping meet urban challenges

Outside a Chicago theatre, with a huge 'Chicago' sign outside

By Steven McGinty

Home to former President Barack Obama, sporting giants the Chicago Bulls, and the culinary delicacy deep dish pizza, Chicago is one of the most famous cities in the world. Less well known is Chicago’s ambition to become the most data-driven city in the world.

A late convert to the smart city agenda, Chicago was lagging behind local rivals New York and Boston, and international leaders Barcelona, Amsterdam, and Singapore.

But in 2011, Chicago’s new Mayor Rahm Emanuel outlined the important role technology needed to play, if the city was to address its main challenges.

Laying the groundwork – open data and tech plan

In 2012, Mayor Rahm Emanuel issued an executive order establishing the city’s open data policy. The order was designed to increase transparency and accountability in the city, and to empower citizens to participate in government, solve social problems, and promote economic growth. It required that every city agency would contribute data to it and established reporting requirements to ensure agencies were held accountable.

Chicago’s open data portal has nearly 600 datasets, which is more than double the number in 2011. The city works closely with civic hacker group Open Chicago, an organisation which runs hackathons (collaborations between developers and businesses using open data to find solutions to city problems).

In 2013, the City of Chicago Technology Plan was released. This brought together 28 of the city’s technology initiatives into one policy roadmap, setting them out within five broad strategic areas:

  • Establishing next-generation infrastructure
  • Creating smart communities
  • Ensuring efficient, effective, and open government
  • Working with innovators to develop solutions to city challenges
  • Encouraging Chicago’s technology sector

 Array of Things

The Array of Things is an ambitious programme to install 500 sensors throughout the city of Chicago. Described by the project team as a ‘fitness tracker for the city’, the sensors will collect real-time data on air quality, noise levels, temperature, light, pedestrian and vehicle traffic, and the water levels on streets and gutters. The data gathered will be made publicly available via the city’s website, and will provide a vital resource for the researchers, developers, policymakers, and citizens trying to address city challenges.

This new initiative is a major project for the city, but as Brenna Berman, Chicago’s chief information officer, explains:

If we’re successful, this data and the applications and tools that will grow out of it will be embedded in the lives of residents, and the way the city builds new services and policies

Potential applications for the city’s data could include providing citizens with information on the healthiest and unhealthiest walking times and routes through the city, as well as the areas likely to be impacted by urban flooding.

The project is led by the Urban Center for Computation and Data of the Computation Institute  a joint initiative of Argonne National Laboratory and the University of Chicago. However, a range of partners are involved in the project, including several universities, the City of Chicago who provide an important governance role and technology firms, such as Product Development Technologies, the company who built the ‘enclosures’ which protect the sensors from environmental conditions.

A series of community meetings was held to introduce the Array of Things concept to the community and to consult on the city’s governance and privacy policy. This engagement ranged from holding public meetings in community libraries to providing online forms, where citizens could provide feedback anonymously.

In addition, the Urban Center for Computation and Data and the School of the Art Institute of Chicago ran a workshop entitled the “Lane of Things”, which introduced high school students to sensor technology. The workshop is part of the Array of Things education programme, which aims to use sensor technology to teach students about subjects such as programming and data science. For eight weeks, the students were given the opportunity to design and build their own sensing devices and implement them in the school environment, collecting information such as dust levels from nearby construction and the dynamics of hallway traffic.

The Array of Things project is funded by a $3.1 million National Science Foundation grant and is expected to be complete by 2018.

Mapping Subterranean Chicago

The City of Chicago is working with local technology firm, City Digital, to produce a 3D map of the underground infrastructure, such as water pipes, fibre optic lines, and gas pipes. The project will involve engineering and utility workers taking digital pictures as they open up the streets and sidewalks of Chicago. These images will then be scanned into City Digital’s underground infrastructure mapping (UIM) platform, and key data points will be extracted from the image, such as width and height of pipes, with the data being layered on a digital map of Chicago.

According to Brenna Berman:

By improving the accuracy of underground infrastructure information, the platform will prevent inefficient and delayed construction projects, accidents, and interruptions of services to citizens.

Although still at the pilot stage, the technology has been used on one construction site and an updated version is expected to be used on a larger site in Chicago’s River North neighbourhood. Once proven, the city plans to charge local construction and utility firms to access the data, generating income whilst reducing the costs of construction and improving worker safety.

ShotSpotter

In January, Mayor Rahm Emanuel and Chicago Police Department commanders announced the expansion of ShotSpotter – a system which uses sensors to capture audio of gunfire and alert police officers to its exact location. The expansion will take place in the Englewood and Harrison neighbourhoods, two of the city’s highest crime areas, and should allow police officers to respond to incidents more rapidly.

Chicago Police Superintendent Eddie Johnson highlights that although crime and violence presents a complex problem for the city, the technology has resulted in Englewood going “eight straight days without a shooting incident”, the longest period in three years.

ShotSpotter will also be integrated into the city’s predictive analytics tools, which are used to assess how likely individuals are to become victims of gun crime, based on factors such as the number of times they have been arrested with individuals who have become gun crime victims.

Final thoughts

Since 2011, Chicago has been attempting to transform itself into a leading smart city. Although it’s difficult to compare Chicago with early adopters such as Barcelona, the city has clearly introduced a number of innovative projects and is making progress on their smart cities journey.

In particular, the ambitious Array of Things project will have many cities watching to see if understanding the dynamics of city life can help to solve urban challenges.


Follow us on Twitter to see what developments in public and social policy are interesting our research team.

If you found this article interesting, you may also like to read our other smart cities articles: