Data Sabotage: The Serious Security Risk of Smart Cities

September 2, 2016
| |
4 min read

Cities are getting smarter. Urban centers are now spending big on technologies such as predictive traffic control, mobile app-enabled parking, intelligent energy management and machine-to-machine communication powered by connected infrastructure. Sounds like a blueprint for utopia, right?

But there’s a problem. Just as cybercriminals turned their attention to user credentials such as passwords and email addresses — the most stolen digital commodities in 2015, according to Dark Reading — and upped their mobile malware game, smart cities come along and offer a new opportunity: data sabotage.

What happens if a metropolis running on sophisticated, integrated technology suddenly finds itself under the control of cybercriminals?

A Tale of Tech Cities

It’s one thing to talk conceptually about the integration of smart technologies with day-to-day city life, but what does this look like in practice?

First and foremost, it’s not cheap: Saudi Arabia has $70 billion earmarked for smart city development, while a new project in South Africa will cost at least $7.4 billion to complete, a white paper noted. According to TechRepublic, the worldwide market for smart city tech will reach $400 billion by 2020.

But return on investment may be substantial, with tech-savvy cities expected to generate 60 percent of the globe’s GDP by 2025. It makes sense: If citizens and city mangers can easily access critical information on-demand, and services can intelligently self-regulate, the result is a more efficient and more productive urban infrastructure. Consider the case of Fort Worth, Texas, which recently implemented a joint emergency operations center. It enjoyed an ROI of 269 percent for this smart city project, with total payback of initial costs in just four months.

As for the technology itself, consider work already well underway in Israel. According to Fortune, telecom firm Bezeq has invested millions in the growing city of Modi’in, installing hundreds of sensors and cameras in a large park. As a result, city officials can now monitor parking, noise, public safety and water quality in a nearby man-made lake.

Smart street lighting is also an easy entry point for cities. By installing sensor-equipped streetlights, urban centers not only save money on efficiency, but are also able to capture useful data on how citizens use public spaces and where more (or less) lighting is needed. Traffic control is another ideal smart initiative: Lights and signals equipped with cameras and sensors can relay real-time information to city planners, let traffic lights adapt to changing conditions and decrease vehicle congestion.

As noted by ReadWrite, cities can also benefit from smarter communications services. By deploying easy-to-use, mobile-enabled reporting tools, citizens can quickly notify the correct department about infrastructure issues such as roadway damage, injured wildlife or illegal dumping. Ideally, this helps foster a sense of collaboration and cooperation among citizens, in turn creating cleaner, safer places to live.

Data Sabotage: The Next Big Front

So what’s not to like about more intelligent, adaptable cities? Very little — for citizens and criminals alike. As noted by CNBC, data sabotage may be one of cybercrime’s next “big fronts” as cities ramp up information collection and sharing. According to James Clapper, director of National Intelligence, “decision-making by senior government officials, corporate executives, investors or others will be impaired if they cannot trust the information they are receiving.”

Open Learn pointed to the massive attack surface of IoT technologies as a key driver of smart city cybersecurity. With cities already strapped to manage the demands of disparate departments across a private, internal network, the addition of public sensor data makes control a near-impossible task.

This isn’t just an intellectual, down-the-line concern. Consider the chaos if cybercriminals suddenly made every light in a city green at once, or randomly cycled traffic signals during rush hour. The ensuing barrage of accidents would not simply clog up roads and strain police resources, but would require so much network bandwidth to resolve the issue that other, even more critical systems could be left unguarded.

Or consider the recent discovery of malware on VIA Metropolitan Transit’s network by security firm Infocyte. According to San Antonio Business News, despite a “good standard build” and enterprise-grade security, malware threats still made their way onto the system. While there were no immediate risks to traveler safety, the proof is in the programming: Even secure city networks aren’t impossible to crack.

The Need for Security

Of course, this is just the tip of the iceberg: Data sabotage of traffic lights or light rail transit amounts to cybercriminals dipping their toes in the water. If attackers took control of a city’s smart streetlight grid, for example, they could effectively plunge it into darkness, paving the way for all manner of chaos. Hijacking emergency services systems, meanwhile, could give attackers the power to fake an emergency that required military response, in turn pulling troops away from other valuable targets. With a connected city under their control, almost nothing is beyond the reach of motivated cybercriminals.

Smart systems, however, offer cities the benefit of increased resilience. As noted by a recent IBM white paper, by providing access to a wider array of data sources, leveraging this data for insights and empowering situational awareness of potential incidents, cities should be able to better detect malicious activities and respond more quickly to emerging threats. In addition, ongoing data analytics supports improved planning, decision-making and resource deployment to help make cities more resistant to attack. Networked services pose a security concern for smart cities, but the combination of improved public safety and proactive mitigation should more than offset this risk.

With smart city initiatives ramping up, it’s not a question of if communities will come under attack, but when. According to TechCrunch, cities need to start by prioritizing data security. Information must be encrypted whenever possible and sensors regularly monitored to ensure no tampering occurs.

Better software vetting and testing practices are also required. With the IoT market enjoying significant growth, many application developers have thrown their hat in the ring, but often prioritize time-to-market over security. Since the ultimate goal of any smart city technology is to empower citizens and the community at large, independent and internal security assessments are required to ensure that new investments both enhance the day-to-day experience and limit potential risks.

The Citizen’s Burden

Citizens also play a role in avoiding data sabotage. As noted by the Observer, it’s critical to nurture the growth of “smart citizens” who don’t simply use the technology offered by city departments but play an active part in developing and implementing these tools.

For example, some cities are giving residents the chance to design highly local tech that big companies may not see as cost effective. This not only ramps up citizen involvement, but also drives home the point that smart city tech both provides great power and demands commensurate responsibility of use — from residents and city departments alike.

Smart city tech is on the rise, bringing more efficient ways to administer services and increasing the citizens’ ability to interact with local government. But the new threat of data sabotage also looms. To avoid the misuse or manipulation of local information, cities must spend as much time on improving security as rolling out tech services.

Douglas Bonderud
Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and innovation. In addition to working for...
read more