The development of smart cities has been taking place across the UK for a number of years now, but what are the risks involved when everything in a city becomes connected?
A smart city is an area which is redesigned using various types of electronics, information and communication technologies (ICT) to enhance the connectivity and performance of urban services like transportation, utilities or energy. The idea of a city becoming ‘smart’ is often established once Internet of Things (IoT) devices are deployed to transform the infrastructure of a particular area.
By deploying these IoT devices, locations and the buildings around them can be connected to the internet. This, in theory, allows city planners to be more efficient with resources and find novel solutions to issues like traffic congestion by using current data. But the reality is there are major security and safety concerns as a result.
Although smart infrastructure provides living, transportation and connectivity benefits for residents, the use of connected technology makes smart cities increasingly attractive to malicious cyber attackers, as the US city of Atlanta learnt in March 2018.
A ransomware attack hit some of the city's customer-facing applications, leading to a decision to shut down the free Wi-Fi network at the Hartsfield-Jackson Airport. According to reports, the attack hit five out of 13 of the cities departments.
The security risks of connected technologies can be more severe than data loss or financial impact too.
As more and more smart cities are being developed around the world, a growing number of areas will become more vulnerable to attacks.
The smart sensors they use are often built into traffic lights and street lighting to manage smart parking and reduce congestion on roads, but the majority of wireless sensors do not have security built-in, so are therefore not secure by design.
“A lot of [sensors] come with default passwords that are not protected out of the box,” Kevin Curran, senior member of the IEEE and professor of cyber security at Ulster University, tells Techworld.
“There have been hacks even on traffic lights, and that’s down to the pretty low-key wireless sensors with default passwords that have been compromised in cities around the world,” he adds. “So, there’s the danger of using IoT devices, they generally aren’t secure.”
Gartner estimates that there will be 20.4 billion ‘connected things’ in use by 2020, a prediction that is proving increasingly likely with the increase in IoT and connected technologies used in smart cities. But the rise in the number of IoT devices only makes room for more risks.
“The major concern is security. The fact that we have cities collecting data on the power usage of citizens, for instance, can be dangerous because even something as innocuous as power usage can indicate when they are or are not at home,” Curran explains.
“As long as there’s privacy involved, we just have to ensure that the local authorities protect our data when they collect it, because they will have access to very private information in many ways.”
In order to stay safe from the likely security flaws, manufacturers should ensure security is integrated into their products from the design stage. Local authorities and key stakeholders in smart city planning should also make cybersecurity principles as part of the design and operations.
“They need to install devices which come with a security roadmap and just be held accountable to review systems before they are installed,” Curran adds. “We just need clever spend of our money because technology can lead to a more effective city and cost savings.”
As well as the security risks of smart cities, there are also factors that make financing them difficult.
The IoT devices used in smart cities are often being deployed in a real-world setting for the first time. According to research by Deloitte, this can reduce the confidence of investors in the usability of the technology.
Local authorities often have to fund the costs of technologies themselves, to prove the socioeconomic impact they will have before central government is willing to invest in them. This reduces the budget they have left for other infrastructure developments, and many local authorities are already stretched.
“One of the negatives of smart cities is it does affect costs, and technology only has a short shelf life because it does age rapidly, so the cost aspect will lead to industries having to prioritise what systems to add technology to,” says Curran.
Overall, security and financial risks are just two of the major concerns around smart cities. Local authorities and stakeholders should consider the various impacts connected infrastructure can have before embarking on a smart city project.
“Local politicians need to hammer down on their constituents and consider if what they’re inputting will benefit for regional reasons, and that means suitable devices which are cost-effective,” Curran says.