Imagine this scenario: You’re driving down a city street at night on the way to a see a movie when all of a sudden everything goes black. There are no lights emanating from the downtown office buildings and the traffic signals at an upcoming intersection are shut down, too, causing drivers to suddenly stop their cars.
The city’s power infrastructure has just been hacked. All of the lights have stopped functioning, and you’re stuck in your car trying to navigate the chaos in darkness.
No, this is not a description of the new Mad Max movie, but rather the type of post-apocalyptic scenario that some security researchers believe could take place if hackers were to infiltrate our ever-growing smart cities. It’s also why a consortium of these experts launched a non-profit this week whose purpose is to help city officials plan for safer smart cities.
In a smart city, infrastructure like traffic signals and power grids can be connected together via wireless networks so that data can be generated and shared for the goal of creating more optimized city services.
The concept of a smart city has become mainstream enough that networking titan Cisco (CSCO) has plans to make a name for itself in the space. But the hype has also generated concerns that the technology underpinning these connected cities hasn’t been thoroughly tested for security holes.
Founded by researchers from security firms like IOActive Labs, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the newly created Securing Smart Cities initiative aims to be a consulting service to local government officials who are looking to improve their city infrastructure with digital technology.
The non-profit will also act as a communication hub between government officials, companies, media outlets, and other nonprofits seeking to learn and share information pertaining to city cybersecurity. It’s similar to the recently launched Facebook ThreatExchange framework for companies wanting to share security-related data, except that its focus is on protecting cities, not businesses.
IOActive Labs CTO and Securing Smart Cities board member Cesar Cerrudo recently presented a session at the 2015 RSA Conference detailing some of the cybersecurity risks he has come across studying smart cities that the new nonprofit aims to alleviate.
“It’s only matter of time until attacks on city services and infrastructure become common,” Cerrudo said during the session in which he proceeded to list a litany of ways hackers can crack into town technology.
Regarding traffic signals, Cerrudo said that these devices can be easy to break into and he cited a team of security researchers who were able to hack into the traffic lights and controlling systems in a Michigan town due to weak encryption. Because of the connected nature of smart cities, once a hacker infiltrates one system, he or she could theoretically move to other parts of a city’s infrastructure, he continued.
Cerrudo also discussed how hackers breaking into city management systems—like the ones containing the locations of gas and water pipes throughout a town—could be tampered with, creating unforeseen calamities. Power grid infrastructure in the U.S. is already the target of various type of hacks.
He explained that bad guys could pump bad data into these systems and manipulate the maps and locations of gas pipelines, which could result in city workers being sent out to areas where possible pipeline explosions could take place if they were going to do construction work.
This is just a sample of the potential disasters that could take place in worst-case scenarios, and Cerrudo explained that there is hope to prevent these attacks. For one, he recommended cities create a checklist for software updates and patches to make sure their connected devices are up to date. He also said that cities should regularly tests their city networks and systems to ensure that there are no bugs lurking around or hidden vulnerabilities.
It’s these types of city infrastructure security checks and tests that the new Securing Smart Cities nonprofit will be hoping to spread to participants.
