Connecting state and local government leaders
Technology like sensors built into infrastructure and emergency alerts has possible benefits, but in a new study dozens of experts weigh in on where some of the more significant pitfalls may lie.
Certain “smart city” technologies are likely to be far more vulnerable to cyberattacks and attractive to hackers than others, according to a new report. It’s something local governments may want to consider as they build out higher-tech infrastructure.
Researchers at University of California, Berkeley’s Center for Long-Term Cybersecurity asked 76 cybersecurity experts to rank nine different types of smart city technology based on its underlying technical vulnerabilities, attractiveness to hackers and the potential consequences of a serious and successful cyberattack.
People who responded to the poll pointed to emergency alert systems, street video surveillance and smart traffic signals as posing some of the greater risks. Those surveyed identified these technologies as the most vulnerable from a technical standpoint, as well as having a high potential for negative consequences if hacked, and said they are likely to be more attractive targets for sophisticated, nation-state attackers.
In terms of consequences, hacked traffic signals could cause gridlock or crashes, or prevent the flow of emergency vehicles. Fake emergency alerts could cause panic or civil unrest.
The findings suggest insiders with ready access to computer systems and foreign nations would be among the most effective at carrying out attacks on these types of smart city targets. That’s opposed to “hacktivists,” terrorists, thrill-seekers or other online criminals.
Alison Post, a professor at Berkeley and one of the report’s co-authors, noted that while those in the tech sector and other smart city proponents often hype the technology's benefits, others in urban policy and civil liberties circles tend to be more circumspect and focused on the risks to privacy and with cyberattacks.
“The gains are going to vary,” Post said. “The risks also vary significantly.”
“Local agencies really need to think hard about the balance,” she added.
High-tech waste and recycling bins and satellite water leak detection systems were two of the technologies that carry the least cybersecurity risks, according to poll respondents.
Other technologies the researchers asked about, which generally posed mid-level risks according to the results, included “smart” tolling, open data for public transit, gunshot detection systems and water consumption tracking.
There are limits with the study, which the authors acknowledged. For example, it doesn’t take into account specific cybersecurity efforts governments might take to prevent cyber attacks and the sample of experts is limited. The report also only includes a small set of technologies, and doesn’t look at areas like the electrical grid, which are generally less tied to local government.
Post said the report’s framework examining smart city tech through the three lenses of technical vulnerabilities, attractiveness to capable attackers and the potential for damaging consequences from a hack, could be useful for local governments to consider.
Keeping lines of communication open between agencies that are using or deciding whether to adopt the technology can also be helpful in identifying areas of concern, she added.
The survey the research is based on was conducted last year and a report on it was released this month. More information on the study can be found here.
Bill Lucia is a senior editor for Route Fifty and is based in Olympia, Washington.