“I’m sorry Dave, I can’t let you do that”

Smart Cities

This quote from Stanley Kubrick’s famous sci-fi film ‘2001: A Space Odyssey’ (1968) depicts a dystopian future where a spaceship computer becomes self-aware, attempting to kill its crew. Although the dates might have been a little off (we are yet to achieve long distance space travel and it’s already 2017), we do have some darned clever machines running many aspects of our lives.

Thankfully, the likelihood of these machines becoming conscious, like Hal the computer in ‘2001: A Space Odyssey’, remains but a distant fantasy. However, the enormous networks of interconnected devices employed to smart cities, do present a very real security risk.

With Gartner estimating as many as 20.4 billion connected “Things” will be in use by 2020, smart technology has tremendous potential to transform the infrastructure of our cities and our daily lives. A prospect which is at once exciting and terrifying.

Automated maintenance in Smart Cities

In Los Angeles, LED Streetlights with sensors monitor light conditions and send notification when bulbs need replacing; in Pittsburgh, the surtrac system observes and responds to changing traffic patterns, significantly reducing journey and wait times; networks of cameras and sensors have been combined with Artificial Intelligence to fight crime in parts of Africa and China; driverless buses are currently being tested in several cities worldwide; and in a bid to avoid outages caused by power fluctuations, storms and damage, cyberattacks, and other disruptions, the US Department of energy is funding research into smart power grids.

Connected networks are a hotbed for attacks

The flipside of this coin is that the connected networks these systems sit upon present a huge attack surface, vulnerable if not adequately defended. In a worrying recent real-world example, Dallas’ tornado warning system was breached by a hacker, resulting in 156 sirens going off and causing widespread panic. The 4,000 calls to 911 placed a heavy load on emergency services system, potentially putting lives at risk. The fact that engineers were unable to switch all of the sirens off for some time after discovering the breach, makes this a disturbing vision of how things can go wrong.

In a further frightening case of disruption to an essential service, part of the Kiev electricity distribution network was shut down late last year by what appears to be a Russian-created cyberweapon. The malware, known as ‘CrashOverride’ or ‘Industroyer’, is the first ever malware framework designed for and deployed to attack power grids, with the potential to be scaled up to much greater effect. Dragos, a cybersecurity firm, created this extensive report detailing the weapon and its impact.

Smart cities can bring huge benefits to our lives, our wallets, the health of our cities, and even the health of the planet. However, governments need to weigh these benefits against the increased risk of malicious network breaches and the havoc these can cause. They must be especially vigilant about network security, ensuring that robust systems and processes are in place. Convenience must not come at too great a cost, we need to be clever.