Securing a smart City
What is a smart city and should we be worried about what this means for citizens in terms of their privacy and security?
The rapid growth of the internet means that we are increasingly relying on technology. From internet banking and online shopping to keeping in touch with our families, it has helped improve accessibility and reach. Governments have also been quick to embrace technology with ‘smart cities’ being heralded as the future.
The term ‘smart city’ was first coined in the early 1990s. In simple terms, a ‘smart city’ collects data from a variety of sources, including citizens, buildings and devices and then uses that data to improve the services it provides. Many cities around the world have made firm commitments to become ‘smart’, including several in the UK.
In November 2021, Newcastle was crowned the UK’s smartest city in the global Smart City Index, overtaking London and Manchester, and ranked 21st globally, with Singapore, Zurich and Oslo covering the top three spots. The Smart City Index is ranked based on economic and technological aspects of these smart cities and takes into consideration the quality of life, environment and inclusiveness. Newcastle earned its reputation by working on innovative projects such as installing IoT (Internet of Things) smart sensors on its streets, including on lampposts and waste bins, to collect real time local data to help improve the living environment around air quality, traffic congestions and waste collection.
There are many advantages to becoming a smart city. They can help city administrators reduce their reliance on resources, they can improve the accessibility of services provided to users and they can also help improve efficiency by switching off streetlights when they are not required. However, there are some concerns about the technology being used. The infrastructure required can be expensive and cause disruption while being installed. Smart cities also can’t solve traditional problems associated with local delivery, and finally, there are concerns about privacy and data security.
On this last point, it is easy to understand why smart cities are a target for cyber-criminals. The information they capture is hugely valuable. Smart cities have the capability to track people and monitor their movements, capturing terabytes of personal information, which could be used by criminals to commit identity fraud.
So just how secure are smart cities? Well, there have been a number of cases around the world where smart cities have been targeted. In Texas, for example, hackers were able to exploit a security weakness in a tornado warning system, setting off sirens that caused widespread alarm. There are also concerns that criminals could infiltrate smart traffic systems, causing blockages or accidents. Even power and waste management systems could potentially be vulnerable, with criminals able to shut off power to citizens.
In November 2016, residents of two apartment buildings in the city of Lappeenranta, Finland, were victims of such a cyber attack that left them in the cold for a week. The hackers successfully launched a Distributed Denial of Service attack (DDoS attack) which overwhelms a system or website with too much traffic in order to disrupt it, and as a result took down both buildings’ central heating and water systems.
The system tried to block the attack by automatically rebooting itself, but to make matters worse, the system got stuck in an endless cycle of rebooting, which caused the central heating to shut off completely. The company that managed the smart home systems of the buildings were able to disconnect it from the internet and eventually managed to get the systems back up and running again.
A similar cyber attack, but on a larger scale, occurred a year earlier in 2015; it temporarily shut down the power supply to more than 230,000 residents in the western region of Ukraine. While the power was only out for one to six hours, the highly sophisticated and well-organised cyber attack raises real concerns of it being replicated against an entire city or county. The results could potentially be catastrophic, especially if the outage lasted for a long period of time.
But how do we make our smart cities safe? Thankfully, most smart cities have been developed with security in mind and there’s widespread agreement that they need a much higher level of security than other organisations. Even implementing the most basic controls can help prevent the most common types of attack. This means establishing a good level of cyber hygiene, ensuring a robust password policy across the entire network, patching updates regularly and implementing 2FA or MFA. Another approach cities can take is to become ‘zero trust’. This means verifying everything and everyone inside and outside the perimeter before granting access.
Smart cities are undoubtedly a priority for many governments and will inevitably change the way we engage with local service providers. As long as security and privacy concerns are properly understood and addressed, then smart cities are something that we should all be looking forward to.
Michelle Kradolfer
Police Crime Prevention Initiatives
