Smart cities are going to need to overcome their dumb security
Smart Cities Could Be Crippled by Dumb Security
A hack that activated hurricane sirens in Dallas is a harmless warning about a far more serious problem.
Urban centers around the world increasingly drip with technology. But as a hack over the weekend reminds us, city officials mustn’t forget that cybersecurity is a critical part of adding smarts to the urban environment.
On Friday night, residents of Dallas struggled to get as much sleep as they might have liked. At around 11:40 P.M., the city’s hurricane warning system sounded: 156 emergency sirens, all screaming out in unison. It happened another 15 times, each burst lasting 90 seconds, until the alarms finally fell silent around 1:20 on Saturday morning.
But as the New York Times reports, there was no hurricane coming — the sounds were triggered by a hacker who’d penetrated the system’s security measures. Few details have emerged about the hack, save for the fact that it’s thought to have been carried out locally and was very effective (technicians couldn’t stop the hacker, so they had to shut down the entire system to quiet the alarms).
Ultimately the hack didn’t cause any damage: the impact was limited to sleeplessness, complaints, and a doubling of 911 calls as some residents panicked. But it does serve as a reminder of the importance of securing urban infrastructure against cyberattacks.
Researchers have been finding vulnerabilities in connected city hardware, from traffic signals to smart meters, for several years now. The concern is that as such infrastructure proliferates, with devices increasingly connected by the Internet of things, hackers will identify more flaws and and use them to plunge whole cities into chaos.
There have been real-life examples of that happening already. Late last year, hackers threw 20 percent of the Ukrainian city of Kiev into total darkness after they used phishing attacks to gain control of electricity substations. And San Francisco’s Municipal Transportation Agency had its light rail network held hostage by ransomware last November.
For now such problems are inconvenient rather than catastrophic. But as Peter Tran, a senior director at RSA Security, recently pointed out, things could get worse. “What would keep a city leader up at night is not so much if his or her city had a data breach or power outage,” he explained, writing for IT Pro Portal, “but if the interconnected smart infrastructures such as payroll processing, banking … and revenue collection systems are also affected.” In that situation, where multiple systems all break down, disruption or deletion of data could bring the financial systems on which cities run grinding to a halt. And with it, city life.
When designing the cities of the future, “cybersecurity considerations should be on par with every design and architecture requirement,” Tran advised. That may be difficult advice to listen to when the prospect of shiny new infrastructure is on offer — but heeding such a warning could prove invaluable in the future.
Originally published at www.technologyreview.com.| by Jamie Condliffe | April 10, 2017