Energy and information sabotage: The threats facing our smart cities
Smart city development is in full swing, but it appears that city officials are leaving security by the wayside.
While the definition of what makes a city “smart” is still up for debate, in general, we often consider it a system of both traditional infrastructure and new, overlaying structures created from emerging technologies such as web connectivity, data collection and analytics, sensors, and mobile solutions.Smart traffic systems to reduce congestion, surveillance systems to detect crime, LED-based street lighting with motion sensors and data-driven control of the smart grid and water systems are only some of the ways that a city can be considered smart — but with all new advances in technology, there are potential drawbacks.
Security is the critical issue at the forefront of the minds of researchers and one that could cause chaos in urban areas unless we gain a handle on it now.
According to Trend Micro’s latest “Securing smart cities” report, released on Tuesday, security may be the element which could bring a smart city down to its knees and city officials may not be doing enough to enforce security basics while being swept away on the tide of exciting new smart city ideas.
Smart city investment is expected to reach $88.7 billion by 2025 in comparison to $36.8 billion in 2016 with funding projects such as the US White House’s “Smart Cities initiative” further fuelling demand.
City planners have seized upon the idea of bringing connectivity, data analytics and smart city solutions to the population, but in Trend Micro’s report, we can see just how many attacks on these services are possible today.
The threats that these smart cities face are numerous. With roughly 70 percent of the energy produced globally now funneled into cities and the same percentage being generated by these areas in terms of gross domestic product (GDP), any kind of compromise, intrusion, or spying on smart cities can have serious consequences.
In Yokohama, Japan, for example, energy management systems (EMS) at being implemented to improve the city’s energy efficiency as well as reduce CO2 emissions. Smart meters are also in use, but these readings can be decoded with a cheap USB kit, fake signals can be sent, power can be throttled and if tapped into, attackers could also potentially record when and where power is being used — which can tell them whether anyone is physically in a property.
Trend Micro has spotted injection and remote code execution attacks being levied against power meter providers, as well as attacks against industrial control systems (ICS) used in power grids which have resulted in outages. When it comes to EMS, radio signal jamming can be used to disrupt services.