The riskiest smart city technologies
Emergency alerts, street video surveillance systems and smart traffic signals are riskier than other smart city solutions, according to a new report.
For their study, researchers at the University of California, Berkeley, asked 76 cybersecurity experts to rank nine technologies according to technical vulnerability, attractiveness to nation-state attackers and potential impact of a successful attack.
“According to our survey, not all smart city technologies pose equal risks,” stated the report, The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think? “Local officials should therefore consider whether cyber risks outweigh the potential gains of technology adoption on a case-by-case basis, and exercise particular caution when technologies are both vulnerable in technical terms and constitute attractive targets to capable potential attackers because the impacts of an attack are likely to be great.”
Across the three categories, emergency and security alert systems were ranked most vulnerable. Satellite water leak detection was the least technically vulnerable, and smart waste or recycling bins would have the least impact if attacked — and they are also of the least interest to potential hackers, the report found.
In written responses, 18 of the 76 respondents said that tampering with traffic lights could cause accidents and gridlock and prevent emergency vehicles from reaching their destinations. Ten respondents added that spoofed emergency alerts could cause panic and civil unrest, the report stated.
Experts considered nation-states and insider threats as the most efficient at carrying out any cyberattack. They ranked thrill-seekers and hactivists – those who uses hacking to effect social change – as the least.
The report’s goal is to help local policymakers determine the right technologies for their smart city initiatives and their related cyber risk. By breaking that risk into three categories, decision-makers can better see what they’re assuming.
“Local officials receive a barrage of information about ‘smart city’ solutions to longstanding problems, such as traffic congestion, crime, inefficient use of power and water, and detecting leaky pipes,” the report stated. “Which of these myriad technological solutions hyped by consultancies, conferences and vendors are worth considering? And how should local governments consider the countervailing risks of cyberattack that such new systems may introduce?”
The security of city infrastructure came under the microscope in January, when hackers tried to poison the water supply of Oldmsar, Fla., by boosting the level of a toxic chemical. The White House has indicated that an executive order on industrial control systems is in the works.
The report also pointed to other resources for local agencies that want to learn more about the potential risks of various technologies. For instance, the Department of Homeland Security runs training programs, academic institutions such as the Massachusetts Institute of Technology offer online courses and certification programs on smart city cybersecurity and organizations such as the American Waterworks Association and Technology Approval Group have groups that study the cyber risks of smart city tech.