Cities across the country are turning to “smart” technologies – such as gunshot detection systems, traffic signals and emergency alerts – to make communities safer and more efficient. But a key question remains: how secure are these systems against cyberattacks?
In her research paper titled “How do Cyber-Risks Vary Across Smart City Technologies?”, published in the Journal of Urban Technology on July 2nd, UC Berkeley Political Science and Global Metropolitan Studies Professor Alison Post and her colleagues showed that the technologies most vulnerable to hackers are also the ones that could cause the most serious harm to the public if compromised.
“Our findings suggest that the total risks posed by smart city technologies like emergency and security alerts and smart traffic lights are much greater than for other technologies such as satellite leak detection or smart waste bins,” Post said.
According to Professor Post, this is the first study to use mixed methods of expert surveys and expert interviews to analyze cyber-risks of smart technologies in specific policy areas, such as water and security. By using a social science approach, the interdisciplinary research team was able to capture not just the technical vulnerabilities but also the broader societal consequences of attacks, which also affect the probability of attack.
Traditionally, scholarship in this area has been split: engineering and public administration research often celebrates smart technologies, while urban studies focuses on their dangers. Post’s work bridges this gap, showing that both the promise and the risks need to be carefully balanced.
Post said there are three factors that affect risk: technical (e.g. size of the “attack surface,” which is the number of ways an unauthorized user can break in); the presence of interested threat actors; and the potential impact of an attack, which makes it attractive to attackers and thus increases the likelihood of an attack.
The study found that emergency alerts have a large attack surface that makes them especially vulnerable. Attacks on these systems would also cause major disruptions, making them a particularly attractive target for hackers. Video surveillance systems and smart traffic lights were also identified as high-risk. A successful attack could have severe impacts, from spreading false emergency alerts that spark panic and unrest to hacked traffic lights that cause accidents.
Survey respondents identified national governments and insiders as the most serious threat to these systems, given their access and more advanced tools.
Post recommends that local decision-making regarding whether to adopt smart city technologies should consider different perspectives, from IT security departments to governmental departments that see the potential improvements to service delivery. The study shows that it is important to weigh the risk of cyberattacks against the possible benefits of smart city technologies.