Tag Archives: cybersecurity

Are smart cities at risk from hackers?

Posted on by

From traffic lights to bins, across the world, internet-connected technology is being integrated across all manner of everyday city infrastructure. Smart city technology can provide cities with real-time information which can be analysed to offer insights into how people interact with the city. These insights can be used to make cities operate more efficiently and ensure that cities are responding to the changing needs of their citizens. 

However, like any internet-connected device, smart city infrastructure runs the risk of being targeted by bad actors who wish to disrupt the operation of city life. 

This blog post explores the extent to which smart cities are vulnerable to attack by hackers and considers the steps that can be taken to prevent them from being compromised by nefarious actors. 

Connected and vulnerable

It’s an unfortunate fact of our increasingly more connected lives that as we connect more devices to the internet, we provide hackers with more opportunities to access our devices, compromise our networks, and gain access to personal information. In recent years, as we have added more Internet of Things (IoT) devices to our home networks, such as smart lightbulbs and thermostats, there is a chance we may be weakening the overall security of our networks. Experts have warned that these small IoT devices may not have the necessary level of sophisticated defences required to protect them from attack. 

Naturally, as these devices normally perform relatively inconsequential tasks (such as turning on a lamp) and don’t tend to host a great deal of personal data, many consumers do not consider the danger they could pose if compromised. Research has found that hackers may be able to gain access to entire home networks through hacking a single IoT device. This can enable hackers to access other connected devices, such as a phone, which holds a large amount of personal data. This can allow hackers to steal personal data, covertly spy on unknowing users, and gain access to email/social media/bank accounts. 

Therefore, as more small-scale infrastructure is connected to the internet, hackers will have more opportunities to take advantage of devices with lax security. In the context of smart cities, these vulnerabilities may be able to gain access to systems that operate critical city infrastructure. 

Smart city vulnerabilities

A key component of the development of smart cities is the fostering of a network of interconnected devices which cover a wide variety of city activities and functions. Through collecting and analysing this data, cities will be able to improve the way they operate in real-time and better respond to the needs of citizens. As such, smart city technology will have to be integrated into systems as simple as a streetlight and as complex as the public transit system. 

As previously discussed, IoT devices have varying levels of protection against hackers, and this is no different in the context of the smart city. Research conducted by UC Berkley found that small smart city infrastructure, such as CCTV systems and traffic lights, were more vulnerable to attack than more significant infrastructure, such as smart waste and water management systems. Vulnerabilities at any point of a network can allow hackers to gain access and potentially to compromise a more critical part of city infrastructure. 

Recently published guidance from the National Cyber Security Centre (NCSC) indicated that smart cities are a target for hackers, and warned that if systems are compromised there may be “destructive impacts”. For example, if a hacker can gain access to a smart traffic management system, they may be able to take the system offline and create traffic gridlock across a city. This would cause mass disruption and prevent people from moving around, which could result in threats to public safety. As a result, ensuring smart cities are protected from bad actors will be crucial as more city infrastructure is integrated into smart internet-connected systems. 

Protecting the smart city

Although smart cities will undoubtedly be a target for hackers, several actions can be taken to protect them from attack, and mitigations can be put in place to protect the wider smart city network if a single device is compromised. Ensuring that smart cities are designed with security at their core is vital. Adding on security at a later date will be ineffective and experts believe a “bolt-on” approach may pose more of a security risk. 

Guidance from the NCSC sets out the importance of understanding who is supplying the infrastructure and being aware that some companies may have links to foreign governments who may wish to gain access to UK systems for nefarious purposes. 

Key steps that the NSCS advise should be taken to protect the smart city include:

  • Understanding the goal of the smart city and potential unforeseen impacts.
  • Examining the threats posed to the smart city.
  • Setting out the governance of smart city cybersecurity and ensuring staff have the correct skills.
  • Understanding the role of suppliers in the delivery of smart city infrastructure and cybersecurity.
  • Being aware of relevant legal and regulatory requirements (particularly surrounding data protection).

Final thoughts

The development of smart cities may provide opportunities to create cities that are more efficient and responsive to the needs of citizens. Unfortunately, as more infrastructure is connected to the internet, hackers are provided with more opportunities to disrupt systems and harvest personal data. The levels of disruption and data will undoubtedly make smart cities an attractive target for bad actors.

Therefore, to reap the benefits of the smart city, it will be vital that security is at the core of the development of the smart city, and that local authorities ensure they have a clear understanding of who is responsible for cybersecurity. 

If you liked this article you may also be interested in reading:

Idox: enabling transformation, collaboration and improvement

Posted on by

Idox_logo 800 x 800 jpeg

If you follow this blog regularly then you’ll know that we write on all areas of public and social policy. What you might not realise though is that our Knowledge Exchange team is just one part of a much wider business – Idox – providing specialist information and data solutions and services.

I’ve been working with Idox for about four years, but I’m still topping-up my knowledge about the organisation. Last week, at the company’s end-of-year get-together, my brain was like an overworked sponge as it tried to absorb a multitude of facts, figures and achievements during two days of workshops and presentations (to say nothing of the informal chats in between the working sessions).

From this wealth of information, I’ve compiled a selection that I think conveys a flavour of the depth and diversity of Idox today.

Ten things you might not know about Idox…

  1. The Reading Room, which is the newest addition to the Idox family of companies, has developed digital solutions for a wide range of customers, including Porsche and Clarence House, and this year developed a virtual reality test drive app for Skoda.
  2. Idox’s recently-launched iApply service enables planning applications and building control consent to be applied for via a single source, streamlining the application process.
  3. The Idox GRANTFinder policy and grants database contains details of over 8000 funding opportunities.
  4. Real-time information delivered by Idox’s Cloud Amber keeps the travelling public up-to-date about transport services and helps manage traffic congestion.
  5. The Idox group currently employs almost 600 people in over 10 countries, including the UK, the Netherlands, Germany, the United States, India and Australia.
  6. The Idox Elections service not only ensured the smooth management of postal voting for the 2015 UK general election, but has also supported delivery of local authority and community council elections in the UK, as well as this year’s local elections in Norway.
  7. Idox has a strong presence in the compliance sector, raising awareness among managers and employees of the importance of complying with regulations, from corruption prevention and data privacy to occupational safety and cybersecurity.
  8. Idox Engineering Information Management, provides critical engineering document management and control applications to the oil and gas, mining, pharmaceutical and transport industries in 50 countries.
  9. CAFM Explorer, Idox’s computer aided facilities management software, supports building maintenance and property management for organisations in 45 countries, and recently partnered with the Hippodrome to help maintain one of London’s most popular attractions.
  10. From food safety monitoring to licensing taxis, Idox’s regulatory services help local authorities enforce the rules that keep us safe.

One more thing…

Finally, the meeting reminded me of one thing I already knew, and it’s to do with the part of Idox where I work – the Knowledge Exchange.

Over breakfast on the second morning, a colleague from McLaren talked about the difficulties in finding the right information on the web. Search engines only go so far, he said, providing too little or too much. This is where skilled intermediaries, such as Idox’s team of Research Officers, can make a difference, identifying, sorting and presenting information that people can use to make decisions, support arguments and advance their businesses.

The Idox event was an enjoyable, if exhausting, couple of days, and it demonstrated the many ways in which the company is supporting public, private and third sector work.

Clearly, there’s much more to learn about Idox.

Our popular Ask-a-Researcher enquiry service is one aspect of the Idox Information Service, which we provide to members in organisations across the UK to keep them informed on the latest research and evidence on public and social policy issues. To find out more on how to become a member, get in touch.

Follow us on Twitter to see what developments in public and social policy are interesting our research team.