One benefit of cities being “smart” is their ability to use communications technology to integrate key industries and infrastructure in a way that generates growth and benefits everyone. London, for example, contributes about a third of all taxes paid in the United Kingdom.
However, this makes smart cities attractive targets for large-scale malicious cyberattacks, as a single attack would have widespread implications. In March 2018, a cyberattack on poorly secured public computer systems in Atlanta – a city known for its investment in smart applications – shut down many of the city’s functions, some for months. Atlanta reckons the cost of recovery to be almost $10 million and the effects of the attack continue to be felt.
In 2019, as more smart cities become established, our urban environments will be even more vulnerable to attacks. The communications networks that underpin smart cities rely on relatively new technologies, such as Internet of Things (IoT) applications. These technologies – particularly sensor networks – are not cyber secure. Many cities, for instance, use smart sensors to reduce transport congestion and to manage smart-parking initiatives. However most wireless sensors used in the public domain are relatively cheap and do not have built in security architecture; they are not secure by design.
IoT systems, such as smart-grid technology, are also increasingly interconnected with each other and with the global internet, meaning that access to one can often mean access to many. And, according to Garner, the consultancy company, by 2020 the number of IoT devices in the world will outnumber the world population. Such a level of complex connectivity increases the risks of attack substantially.
Only a handful of companies are currently investing in the IoT sector. As a result, a software or hardware vulnerability that emerges in one city will have a widespread impact – affecting all cities that use that company’s devices. Stuxnet malware, for example, which targeted Iranian centrifuges by exploiting manufacturer vulnerabilities, not only affected Iran, but also industrial control systems as far afield as India and Indonesia.
As the Atlanta case has shown, a successful cyber-attack can lead to a big disruption to business, daily life for city-dwellers, loss of reputation for companies and declining trust in emerging technologies from end-users. And, as smart systems are interconnected and interdependent, an attack on something as “trivial” as parking sensors, could give an attacker access to nodes that connect with critical national infrastructure, thus endangering national security.
Smart cities, of course, also create another challenge: the large amounts of data they generate, which could fall into the wrong hands and be used for malicious purposes. Data about contactless card payments on a public-transport network, for example, can give a good picture of the daily circulation rates in a city, the most commonly used routes and transportation hubs and times when such hubs are most crowded, all of which could be used by malicious actors to cause maximum disruption.
Smart-city administrations now have no choice but to understand more comprehensively both the opportunities and risks that emerging technologies present. And, to protect themselves and their citizens, they will have to find ways of forging stronger partnerships with the private sector, which is already playing a significant role in conducting risk assessments and which also has much to lose from a cyberattack on the infrastructure.
In 2019, we will see more collaboration between local and municipal governments, cybersecurity specialists and the private sector to develop ways of mitigating future threats to smart cities. But the task is enormous. The Atlanta attackers used brute force to guess weak passwords until they found one that gave them entry into the city’s networks. And weak passwords – or in the case of much consumer IoT currently on the market, no passwords – are still a very common feature of our interconnected world.
Beyza Unal is a senior research fellow at Chatham House, a London-based thinktank
– Meet the companies fixing depression by stimulating neurons
– An e-bike revolution is about to upend urban transport
– How companies will use AI tackle workplace harassment
– The blockchain needs protecting from quantum hackers
Get the best of WIRED in your inbox every Saturday with the WIRED Weekender newsletter
This article was originally published by WIRED UK
