A new report by an interdisciplinary team of scholars from the University of California, Berkeley aims to help local-level policymakers better understand how cybersecurity risks vary among different “smart city” technologies. The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think? presents results from a 2020 survey in which 76 cybersecurity experts ranked different technologies according to underlying technical vulnerabilities, their attractiveness to potential attackers, and the potential impact of a successful serious cyberattack.
“According to our survey, not all smart city technologies pose equal risks,” the authors wrote. “Cybersecurity experts judged emergency alerts, street video surveillance, and smart traffic signals to be riskier than other technologies in our study. Local officials should therefore consider whether cyber-risks outweigh the potential gains of technology adoption on a case-by-case basis, and exercise particular caution when technologies are both vulnerable in technical terms and constitute attractive targets to capable potential attackers because the impacts of an attack are likely to be great.”
The authors of the report include Karen Trapenberg Frick, Associate Professor in the Department of City and Regional Planning; Giselle Mendonça Abreu, PhD Candidate in the Department of City and Regional Planning; Nathan Malkin, PhD Candidate in the Department of Electrical Engineering and Computer Science (and recipient of the 2020 Cal Cybersecurity Fellowship); Alexandra Pan, a PhD Student in Civil and Environmental Engineering, and Alison E. Post, Associate Professor of Political Science and Global Metropolitan Studies. The research was supported by the CLTC Grants Program.
The term “smart city” is often used to describe the deployment of information and communication technologies (ICT) to improve urban services and infrastructure. Investment in smart city technologies is expected to reach $327 billion by 2025 (from $96 billion in 2019), according to 2020 research by consulting firm Frost & Sullivan. Yet critics of smart city technologies argue that introducing new technologies that increase the connectedness of service delivery systems and government operations with the internet can expose local communities to cyberattacks by a variety of malicious actors.
Cyberattacks on cities could generate significant damage, including the shut-down or compromising of vital services such as electricity or water. In numerous cases, ransomware attacks have even locked city staff from municipal computers and networks, bringing operations to a halt until large payments are made. Cyberattacks could also lead to the capture and misuse of citizens’ sensitive personal information or video footage of their activities. In January 2021, a cyberattack even allowed an outsider to temporarily alter chemical concentrations in a local water supply system.
In their report, the researchers asked experts to evaluate the respective risks of cyberattacks across technologies by considering not only the technology itself, but also the interests and capabilities of those who may carry out attacks, and the potential impact of successful attacks if they do occur.
“Local officials receive a barrage of information about ‘smart city’ solutions to problems such as traffic congestion, crime, and inefficient use of power and water,” says Alison E. Post, Associate Professor of Political Science and Global Metropolitan Studies at UC Berkeley, one of the report’s co-authors. “How should they consider the risks of cyberattack that such new systems may introduce? This report will help local-level policymakers better understand how cyber-risks vary among different smart city technologies.”