Cities are getting smarter when it comes to using technology as part of a daily routine. Payments for everything from rental bikes to parking meters can easily be made with the tap of app or SMS. But just because cities are becoming more connected and smarter regarding technology, it doesn’t make them any less hackable than computers and smartphones. Europe has a history of hacking, and smart cities are just as much at risk if they don’t have a budget to protect investments in civic technology. Here’s why having good encryption in place to protect data is just as important as the smart city services you’re setting up.-Bruno De Man
Hacking the systems
According to Cesar Cerrudo, chief technology officer at IOActive Labs, one of the main worries concerning hacking is that cities aren’t doing security testing on the technology systems they’re buying. When data runs wirelessly through services, it’s not hard for a third party to capture it. Just look at the 200,000 traffic control sensors installed in major cities from Lyon, France to Melbourne, Australia. These sensors could easily be prone to cyberattacks from as far as 457 metres away
In Europe, a real-life example is taking place in a Benelux city that uses an SMS-based system for its public transportation. The SMS parking tickets have a unique identifier, so they cannot be copied, but hackers have managed a way around this, developing an app so they can share tickets with other members. Pranks like making traffic lights stay red or changing the speed limit on electric signs may be more common issues, but researchers at the Black Hat Europe conference proved how easy it would be for hackers to black out parts of a city just by manipulating smart meters.
While you can never be 100 percent safe, it’s better to be as prepared as possible in terms of cyberattacks on your smart city. Here are three solutions to start the protection process.
-Understand the System: When you’re purchasing new products for your city, look just as carefully at the security features as you do at the service this piece of technology is providing.
-Compose an Emergency Response Team: One solution Cerrudo recommends is to mimic the methods of big businesses by compiling a Computer Emergency Response Team that’s trained to handle attacks, as well as run security tests on systems in place.
-Put Restrictions in Place: By tracking and monitoring data access, as well as running penetration tests, cities can see where their data may be most exposed and know how to fix any of these blind spots.