Is the UK prepared for smart city threats?

Business Insights

People across the UK are increasingly living in smart cities – urban spaces packed with technology that receives, processes and transmits data on a 24/7 basis.

But despite the very real benefits on offer, the threat of cyberattacks to homes and businesses is increasing, writes Professor Kamal Bechkoum, Head of the School of Computing and Engineering at University of Gloucestershire:

On average we create 2.5 quintillion bytes of data, or one billion billion bytes, every day. Smart cities gather vast quantities of this ‘big data’ from digitally-linked objects and our online activities, and then use this to improve new services and products that aim to make city living better.

In ‘connected places’ this might involve any ‘Internet of Things’ connected system, ranging from better traffic management and pollution control, through to improved security, public transport and intelligent street lighting.”

Smart cities gather vast quantities of this ‘big data’ from digitally-linked objects and our online activities, and then use this to improve new services and products that aim to make city living better.

Although this offers the potential to transform our lives, it also comes with the same privacy concerns posed by any large-scale digital transformation.

While tracking, monitoring and automated systems can enhance safety, productivity and cost-effectiveness, potentially unethical and ongoing surveillance, along with the ever-present threat of cybersecurity breaches, can negatively impact people’s lives in new and unexpected ways.

The Cityware project, for example, tracked the physical interactions of 30,000 people using a combination of Facebook profiles and smartphone signals, resulting in reports that almost 250,000 owners of Bluetooth devices, mostly mobile phones, were spotted by Cityware scanners worldwide.

Privacy International, a UK charity with a stated aim of ‘defending and promoting the right to privacy across the world’ puts it like this: “Next time you’re lured into a coffee joint with the promise of free WiFi, be aware that what you are doing online could potentially be exposed especially, as is often the case, if the WiFi network does not require a passcode to get online.

“Unsecure networks like this make it easier for cybercriminals to eavesdrop on what you do online. You should also be aware of ‘rogue’ WiFi hotspots, which might deliberately use a name similar to the coffee shop you’re currently sitting in but has nothing to do with them. So be careful before you connect to ‘Stirbucks_wifi.’” It’s an easy slip-up to make.

Data generated by smart city infrastructure can even be culled from sources such as unprotected parking garages, EV charging stations or surveillance feeds, all of which offer cyber attackers targeted personal information that could be exploited for fraudulent transactions and identify theft.

A new report from the Department for Digital, Culture, Media & Sport shows that while cyberattacks are becoming more frequent, only 13% of businesses are using managed IT providers to review security risks.

In addition the National Cyber Security Centre (NCSC), a part of GCHQ, has published guidance for local authorities on how to secure connected places and notes that critical public services need to be protected from disruption.

One of the biggest challenges for smart city progression is a lack of technical skills, local authority funding, regulatory hurdles for large-scale projects, and low public trust in digital initiatives.

Research has found that security and privacy concerns have been raised about the use of smart city technologies, particularly those that collect data about citizens’ behaviour, public services or critical infrastructure.

Smart city projects may also raise inequality issues if the benefits or projects are not experienced equally by rural and urban communities, of if they disadvantage those without digital skills or access to digital technology such as smart phones.

The weakest link in any chain can have detrimental effects for an entire urban environment. To address this, councils and city planners should always invest in the data security of their cities’ critical infrastructure to minimise risk and ensure reliable and secure smart systems.

It is important to employ frameworks that promote a common security language wherever possible, and feature protocols for ‘Industry 4.0’ – shorthand for industrial digitalisation – that:

  • Identify specific security levels between cooperating partners and companies across a supply chain, covering the three essential cybersecurity components: People, processes and technologies
  • Include rigorous, transparent, and replicable testing of all new tools and technologies before they are introduced

These points are the minimum steps to take when introducing smart city living protocols. Longer term, if the UK is to move forward in the current hybrid divide that exists between office and home-working driven by the COVID-19 pandemic, there is an urgent need for legislative authorities and organisations to address their digital transformation plans.

Ultimately these actions are best guided by a strategy which addresses data-gathering legalities and key cybersecurity components to ensure risk is appropriately managed at every stage of the process.

Protecting the Nation’s Critical Infrastructure’s Against Cyber Attacks is a key theme of this year’s University of Gloucestershire and C11 Cyber Security and Digital Innovation Centre ‘Cyber Tech Symposium’ on Thursday 7th July, 2022.