A smart city can be described as a city that incorporates the capabilities of web connectivity, analytics, mobile solutions, sensors, data collection and other technology. This can include surveillance systems utilized by law enforcement, smart congestion-mitigating traffic systems, LED streetlights equipped with motion sensors, smart grids and smart water systems.
A smart city contains a myriad of objects that receive, collect and transmit data.
The purpose of smart city data collection is to enable the creation of innovative new products and services that improve the quality of life in a given smart city. Smart cities have the potential to solve a variety of municipal issues. But, as is the case with technology in general, these cities are also vulnerable to serious threats.
Sara Degli-Esposti, a research fellow at Coventry University and Siraj Ahmed Shaikh, professor of systems security at Coventry University have cautioned that, “through sensors embedded into our cities, and the smartphones in our pockets, smart cities will have the power to constantly identify where people are, who they are meeting and even perhaps what they are doing.” And, as smart cities become even smarter, privacy issues become even more pronounced. Esposti and Shaikh point out that cities like Singapore, San Francisco and London are now using, “urban sensing (which captures how people interact with each other and their surroundings), geotracking (which records the movement of people), and real-time analytics (which processes the vast amount of collected data).”
To demonstrate how easily individuals can be monitored, Esposti and Shaikh detailed a situation involving Facebook:
“Because of the huge and detailed information collected by internet of things (IoT) devices, smart city projects could lead to similar worries. Take for example, the Cityware project, which demonstrated the possibility of mapping not just digital but also physical encounters between Facebook friends. Cityware was able to track the movement and interaction of 30,000 people using their Facebook profiles and smartphone bluetooth signals.
Most people tend to underestimate that the smartphone they carry around is a very powerful sensing tool. In order to function, your phone continuously shares data about your location, digital and physical interaction, and more. When this data is matched with further information collected from IoT devices and smart grids – electricity supply networks that rapidly detect and react to local changes in usage – it raises serious implications for people’s privacy and right to self determination.
Just as you give Facebook the right to own anything you post on your profile, the data collected by online sensors across smart cities will be owned by a variety of corporations, including internet service providers (ISPs). Last year, the US Congress overturned internet privacy protection by granting ISPs the right to sell users’ information, such as browsing history, to third parties.”
Once gadgets are connected to the internet, one result of the interconnectivity of smart city design could allow companies to learn what brands, products and services an individual prefers and details regarding that individual's usage. All of the data collected could be purchased by third parties.
The smarter a city becomes, the more vulnerable to exploits it may become. A whole host of new opportunities for hackers to spy, phish, disrupt and leak is born. Further, the ante is upped when a cyberattack claims a government entity as a victim.
A cyberattack is particularly dangerous when the target is a hospital or other health care facility. Health care facilities are part of smart city networks. Bleeping Computer has written about how medical devices are also vulnerable to attacks and how the FDA has been addressing the issue.
On top of that, smart cities are at risk of ransomware attacks. Last month, the Colorado Department of Transportation’s (CDOT) IT system was infected by SamSam ransomware. Bleeping Computer reported that as the CDOT had begun to recover from the cyber incident, international media reported the CDOT had been affected by another ransomware infection only a week after the original attack. Similarly, Atlanta was hit with SamSam ransomware, also last month, which disrupted several critical systems across the city including the police department. Ransomware continues to be a threat while the planning, implementation and management of smart cities continues on.
Transportation in a smart city can be targeted by hackers, resulting in anything from inconvenience to catastrophe. For instance, a single malicious vehicle can block smart street intersections, as academics from the University of Michigan have demonstrated. One malicious car could trick smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections.
Provada Future, a future-focused Dutch magazine, describes how a malicious attack on transportation systems in smart cities could have disastrous results:
“It could be argued that mass transportation systems are our cities' cardiovascular systems. Gaining access to them would allow hackers to affect the flow of people entering and leaving the city. For example, cyberterrorists could prevent workers from reaching the central business district by closing down train lines, which would cause chaos in the local economy. They could also do the opposite and prevent people from leaving the district by taking over road traffic signals, a tactic that could be employed by terrorist to supplement an attack.
A dependable source of fresh drinking water is essential to any city's survival, which is why cities need to do everything in their power to protect their water supply systems from hackers.
An attack against a city's emergency services networks, particularly if executed alongside a physical terrorist attack, could potentially be devastating, causing mass panic and confusion, and creating chaos in the city.”
Security measures need to be built into any smart city designs. And, current security measures need to be carefully scrutinized. Residents of these cities, however, also need to be aware of potential threats, practice situational awareness and keep pressure on city authorities to keep the level of risk at a minimum. The benefits of smart cities should vastly outweigh the risks.