Emergency alerts, street video surveillance, and smart traffic signals are the main cybersecurity risks for smart cities, according to a report by the Center for Long Term Cybersecurity at the University of California at Berkeley.

The center’s study found that despite general cyber concerns for cities, not all smart city technologies pose equal risks. The report, ‘The Cybersecurity Risks of Smart City Technologies: What Do The Experts Think?’ presented the results from a 2020 survey in which 76 cybersecurity experts ranked different technologies according to underlying technical vulnerabilities, their attractiveness to potential attackers, and the potential impact of a successful serious cyberattack.

The report sets out to help local-level policymakers decide which smart city technologies pose the strongest cybersecurity risks, and which ones they should or shouldn’t adopt. It concludes that local officials should consider whether cyber-risks outweigh the potential gains of technology adoption on a case-by-case basis. It adds that they should exercise caution when technologies are both vulnerable in technical terms and constitute attractive targets to potential attackers because the impacts of an attack are likely to be great.

Cyberattacks have created havoc in some cities

The term smart city typically describes the deployment of information and communication technologies (ICT) to improve urban services and infrastructure. GlobalData estimates the market for smart cities will be worth $833bn by 2030, up from $441bn in 2018.

Critics of smart city technologies worry that introducing new technologies that increase the connectedness of service delivery systems and government operations with the internet can expose local communities to cyberattacks from a variety of hackers.

Such attacks can generate significant damage, including the shut-down or compromising of vital services such as electricity or water. More than 40 US municipalities were victims of cyberattacks in 2019, with Baltimore a notable casualty from a ransomware attack that shut down the majority of the city’s servers and some government applications. The city declined to pay a ransom, and eventually lost $18m to direct costs and revenue shortfalls as a result of the attack.

Weighing up the cyber threats

The center’s report found that local officials receive a barrage of information about the application of smart city solutions to address problems such as traffic congestion, crime, and inefficient use of power and water. Their challenge is weighing up the risks of cyberattack for any such new systems they may introduce.

To help, the study created a risk assessment framework which considered questions on smart city technologies, such as the size of the attack surface, the complexity of the technology and what the consequences of a successful cyberattack might be.

While there were concerns about the cyber risks posed by emergency alerts, street video surveillance, and smart traffic signals, other technologies were considered to be less risky. In order of ranking (4th to 9th) they were water consumption tracking; smart tolling; public transit open data; gunshot detection; smart waste or recycling bins; and satellite water leak detection.

The future of smart cities

What future reports like this will have to consider is whether the very term ‘smart cities’ is now past its sell-by date in the wake of the Covid-19 pandemic. The idea of a few years ago of glossy smart cities humming with new technology and acting on data has been humbled by the experience of the last year, when the attack not came not from a cyber virus, but a real one.

A target term for the future might be ‘resilient’ rather than smart cities. Time will tell how resilient they will actually be.