Protecting Smart Cities

Our cities are becoming smarter, and technology will continue playing a more central role in city development in the future

The benefits are clear: Smart cities will be more convenient, more efficient, and more pleasant to live in and visit. However, smart cities are also a bit of a double-edged sword, as with the benefits come a series of risks, with the potential harm that can be done by malicious actors being at the forefront. Here are a few potential security risks and some of the ways to combat them.

One of the ongoing debates about smart cities is how they’ll handle privacy. Elements of smart cities inevitably rely on identifying users and storing data for user accounts, and those using the smart infrastructure want to be able to trust that their information is kept safe. As has been demonstrated in the past, however, user databases are often at risk, and small security holes can be exploited to allow malicious actors to access private information. With more and more user data being stored, these attacks can potentially place nearly all of a smart city’s residents at risk of identity theft and having private information compromised. The Internet of Things, which is core to smart cities, presents a magnitude of privacy concerns not seen with other technologies. Based on the past, it seems all but inevitable that data will be compromised, which can cause the concept of smart cities to come under extra scrutiny.

Widespread Disruption

Cities used to function without electricity. Long after the advent of easily available and cheap power, however, cities now come to a halt if there’s a major power outage. As we come to rely more on specific technologies, we also become vulnerable to widespread disruption when that technology is disrupted. Malicious actors can potentially use our forthcoming reliance on smart technologies to bring down cities and cause tremendous economical damage. If a city’s public transportation infrastructure, for example, is brought down due to hacks, it may be impossible for people to live their normal lives, potentially for extended periods of time. Even power grids, which are increasingly being connected to IoT networks, might prove to be at risk. In fact, Kiev, Ukraine, lost approximately a fifth of its power capacity for nearly an hour in 2016, and many experts believe the problem was due to a test run of malware. Smart technology has clear benefits, but it’s worth considering what happens if systems fail due to attacks or even mistakes. National security considerations should be factored in as well, as a cyberattack on a nation’s major cities, for example, might prove to be a powerful first blow.

As more and more data is stored online, law enforcement will increasingly rely on information stored in databases. Government and private entities are likely to use this information as well, and your stored data will have a substantial impact on your life. If malicious actors compromise databases, they may be able to change user information, potentially causing legal issues and other problems for users. If this data can be shown to be at risk, faith in law enforcement and government might be compromised. In a scenario that’s been explored in science fiction novels in the past, it may be possible for people to be framed for crimes with just a simple database intrusions. Furthermore, criminals may be able to credibly raise doubt based on the existence of past database manipulation. If law enforcement professionals, judges, and jurors can’t fully trust the data they’re presented with, trust in legal and government matters might be at serious risk.

Once smart infrastructure is compromised, the ramifications can be difficult to predict. Public safety is a goal for smart cities, but these safety networks can cause widespread panic if misused. If, for example, tsunami warning systems are compromised, cities might mistakenly call for widespread evacuations, which present significant safety risks. Furthermore, repeated intrusions might cause the public to distrust safety systems, meaning they won’t be properly used when an actual disaster strikes. Coordinated and more complex attacks can leave a city in a state of disarray, making it unable to function for a lengthy period of time. In early 2018, Hawaii accidentally sent out a fake tsunami warning, leading to panic and disruption. An intentional attack could create far more trouble and jeopardize public safety.

Covering for Attacks

During a terrorist attack, cities rely on first responders to minimize harm and protect the public as much as possible. However, first responders are increasingly adopting digital technology, including smart infrastructure. As a prelude to an attack, terrorist organizations might target communication infrastructure, leaving first responders unable to respond properly. Again, there are national security concerns as well, as belligerent actors might first focus on disrupting communication before launching an attack. Robust systems and redundancy can help prevent these attacks, but when national security is at stake, questions about communication systems reliability move to the forefront. Some of the other attacks mentioned above can also be used in conjunction to provide extra cover for terrorists attacks and even invasions. A false natural disaster threat, followed by communication disruption, can set the stage for a chaotic and dangerous attack.

The fundamentals of protecting smart cities are the same as the fundamentals of protecting IoT networks. However, the interconnected nature of smart cities ramps these risks up considerably, as is the sprawling nature of forthcoming smart city infrastructure. Target’s infamous data breach in 2013 was caused by security problems in an HVAC system, which was connected to the wider network and provided an entry point for attacks. Strong encryption is a cornerstone of IoT infrastructure, as is ensuring security vulnerabilities are patched as quickly as possible. Password security can help, as can making sure employees handling sensitive data are properly trained. Perhaps the best way to help keep cities safe as they become smarter is to focus from the top down. Today, ad hoc infrastructure is common in growing smart cities, but there may be a need for a more centralized effort. Top-down guidance and perhaps regulation may be the best ways to ensure systems are properly hardened. Whether it’s possible to adequately prevent attacks, however, remains to be seen.

Featured image: ©metamorworks