- Some smart city technologies are more at risk of a cyberattack than others, according to recent research from the University of California at Berkeley (UC Berkeley), meaning local leaders must be more conscious of the technology's associated risks.
- Researchers found that emergency alert systems, street video surveillance and some types of traffic signals are the most vulnerable to an attack, and bad actors could potentially cause great disruption and negative consequences when hacking into them. By contrast, smart waste systems and satellite water leak detection are among the safest.
- The report recommended that when assessing whether to invest in certain smart city technologies, leaders should consider the interests and capabilities of those who want to hack into those technologies, and the potential impact of any attacks on their systems and the lives of their residents.
Experts believe smart city technology and innovations will soon touch every corner of urban life, and the opportunities are tremendous, potentially even more so under the Biden administration. An analysis last year by consulting firm Frost & Sullivan found that global investment in smart city technologies is expected to reach $327 billion by 2025, up from $96 billion in 2019.
But that technology is not without its vulnerabilities to cyberattacks: hackers were able to get into the Oldsmar, FL water plant's supervisory control and data acquisition (SCADA) system last month and alter the amount of sodium hydroxide in the water. Meanwhile, the likes of New Orleans; Knoxville, TN; and Las Vegas have seen their systems affected by ransomware attacks. Those risks have intensified during the coronavirus pandemic when many employees were forced to work remotely.
The UC Berkeley report notes the risks associated with emergency alert systems, which have been infiltrated in Baltimore, Dallas and other Texas cities, among others, causing confusion and panic. And the hacking of smart traffic lights and intersections, which researchers have previously shown to be vulnerable, could mean intense congestion or worse, especially given the role they will play in helping autonomous vehicles travel safely around cities.
Report co-author Alison Post, an associate professor of political science and global metropolitan studies at UC Berkeley, said cities must weigh the impacts of those systems being hacked, or what would happen if personal data were compromised, when they invest in new innovations.
"What we feel is the right thing is that essentially these risks should be weighed on a case-by-case basis," Post said. "Technologies, the cost savings, or the conservation gains may outweigh any sort of risk."
Experts have continually sounded the alarm that public agencies need to be better prepared for hacks and other cyberattacks, with hackers using increasingly sophisticated methods and many agencies guilty of not investing in the cybersecurity technology they need to stay ahead of bad actors.
But rather than simply not invest in new technologies for fear of being hacked, Post said cities should make sure they have in-house cybersecurity expertise, especially in their IT departments. Local leaders should talk with other jurisdictions about their experiences through councils of governments and other collaborative bodies that work across borders, according to Post.
She said cities can also strengthen their procurement process by requiring vendors meet certain cybersecurity requirements, in a bid to stay ahead in what she described as an "arms race" between the hackers and their potential victims.
"It helps to have in-house expertise when you're vetting vendors, because then you're in a better position to evaluate the sort of proposals that are being given to you," Post said. "[You] may have, say, a civil engineering unit that's making many of its own procurement decisions. In cases like this, it likely makes a lot of sense to involve the IT department in those decisions, even if the civil engineering department knows what it wants in general."