Smart Cities Are Going to Be a Security Nightmare
In the fictional world of the video game Watch Dogs, you can play a hacktivist who takes over the central operating system of a futuristic, hyper-connected Chicago. With control over the city’s security system, you can spy on residents using surveillance cameras, intercept phone calls, and cripple the city’s critical infrastructure, unleashing a vicious cyberattack that brings the Windy City to its knees.
Watch Dogs is just a game, but it illustrates a possible “what if” scenario that could happen in today’s increasingly smart cities. Advancements in artificial intelligence and Internet of Things (IoT) connected devices have made it possible for cities to increase efficiencies across multiple services like public safety, transportation, water management and even healthcare.
An estimated 2.3 billion connected things will be used in smart cities this year, according to Gartner, Inc., the technology research and advisory company. That would represent a 42% increase in the number of connected devices since 2016. But the rise of digital connectivity also exposes a host of vulnerabilities cybercriminals are lining up to exploit.
On April 8, hackers set off 156 emergency sirens in Dallas, Texas, disrupting residents and overwhelming 911 operators throughout the day. The number of attacks on critical infrastructure jumped from under 200 in 2012 to almost 300 attacks in 2015. As smart cities move from concept to reality, securing their foundation will become a top priority to ensure the safety of our digitally connected communities.
Simply put, smart cities rely on interconnected devices to streamline and improve city services based on rich, real-time data. These systems combine hardware, software, and geospatial analytics to enhance municipal services and improve an area’s livability. Inexpensive sensors, for example, can reduce the energy wasted in street lights or regulate the flow of water to better preserve resources. Smart cities rely on accurate data in order to properly function. Information that has been tampered with can disrupt operations — and constituents’ lives — for days.
Several cities have adopted smart technologies, applying artificial intelligence to accelerate their transition into the future. In Barcelona, smart water meter technology helped the city save $58 million annually. In South Korea, one city cut building operating costs by 30% after implementing smart sensors to regulate water and electricity usage. With the global IoT footprint expected to surpass 50 billion connected devices by 2020, urban communities will need to strengthen existing cybersecurity protocols and disaster recovery methods to counter hackers searching for opportunities to wreak havoc.
As smart city infrastructure proliferates, the stakes for protecting these digital foundations will only get higher. While investment in smart technology has gone up, many of these innovations are deployed without robust testing and cybersecurity is often neglected.
For example, cities currently using a supervisory control and data acquisition (SCADA) system, are particularly susceptible to frequent hacks due to poor security protocols. Though SCADA systems control large-scale processes and unify decentralized facilities, they lack cryptographic security and authentication factors. If a hacker targets a city’s SCADA system, they could threaten public health and safety, and shut down multiple city services from a single entry point.
Simple computer bugs can also cause significant glitches in control systems, leading to major technical problems for cities. Once hackers invade smart city control systems, they can send manipulated data to servers to exploit and crash entire data centers. This is how hackers gained access to an Illinois water utility control system in 2011, destroying a water pump that serviced 2,200 customers. Not only do these breaches disrupt daily operations for residents, they can be costly to remedy. A hypothetical hack that triggers a blackout in North America is estimated to leave 93 million people without power and could cost insurers anywhere from $21 billion to $71 billion in damages.
The inevitability of cyberattacks is a lesson the private sector has learned the hard way. As cities adopt smart initiatives, they’d be wise to make data security a priority from the outset. In addition to physically securing facilities controlling power, gas and water, city planners should also implement fail safes and manual overrides in all systems and networks. This includes forcibly shutting down potentially hacked systems until security experts have the opportunity to resolve vulnerability issues. Encrypting sensitive data and deploying network intrusion mechanisms that regularly scan for suspicious activity can also protect against hackers trying to breach control systems remotely.
Smart cities can increase productivity and efficiencies for citizens, but they have a serious problem when security is underestimated. As local governments pursue smart initiatives, realizing the full potential of these digitally connected communities starts with implementing cybersecurity best practices from the ground up.