Watch out for hackers, Britain's spy agency tells smart cities

by Umberto Bacchi | @UmbertoBacchi | Thomson Reuters Foundation
Friday, 7 May 2021 14:03 GMT

ARCHIVE PICTIRE: A person uses the Citizen Earth app whilst standing on a Pavegen technology footpath on a 'smart street' in central London, Britain, July 28, 2017. REUTERS/Hannah McKay

Image Caption and Rights Information

British cyber security agency calls on local authorities to beef up defences to prevent 'Italian Job'-style attacks

By Umberto Bacchi

May 7 (Thomson Reuters Foundation) - Cities embracing technology to improve urban life risk falling prey to hackers, Britain's cyber security agency warned on Friday, urging local authorities to ensure smart cities are armed with digital defences.

Criminals and foreign governments can target technologies deployed to improve city services such as sensors and internet-connected devices to steal sensitive data and cause disruption, said Britain's National Cyber Security Centre (NCSC).

"New digital technology is going to improve our lives and help protect the environment, but it is essential we take steps now to make connected places more resilient to cyber attacks," Digital Infrastructure Minister Matt Warman said in a statement.

From sensors monitoring pollution to traffic lights designed to cut congestion, technology can help cities cut planet-warming emissions and make services more efficient, the NCSC said, as it published new cyber security guidance for local authorities.

But as more services become interconnected, the risks increase, said the NCSC - the tech security arm of Britain's eavesdropping agency GCHQ, warning that failures could lead to "breaches of privacy" and even "endanger" residents.

"The 'smarter' cities become, the more valuable a target they will become because more data will be available to compromise and more disruption can be caused," said Alexander Hicks, a computer science researcher at University College London (UCL).

To illustrate the risks, NCSC Technical Director Ian Levy cited cult 1969 film "The Italian Job", in which a professor creates a gridlock by switching magnetic storage tapes used for traffic control, allowing thieves to escape with a haul of gold.

"A similar 'gridlock' attack on a 21st century city would have catastrophic impacts on the people who live and work there, and criminals wouldn't likely need physical access to the traffic control system to do it," Levy wrote in a blog post.

Some cities around the world have already suffered from crippling hacks.

Last September, German prosecutors opened a homicide investigation after a woman died when her ambulance had to be diverted because the first hospital it arrived at in Duesseldorf was unable to admit her due to a cyber attack.

And in 2019, hackers demanding ransom shut down the cyber network of Johannesburg City Council, months after hitting the South African city's energy distribution company, in an attack that left customers struggling to access a number of services.

Such recent incidents have been a wake-up call for businesses and authorities, which have often prioritised developing new tech services over security, said Enrico Mariconti, a lecturer in security and crime science at UCL.

"For a very long time security has been the annoying part when creating a product," he told the Thomson Reuters Foundation in an online interview.

"What we're seeing now is that with breaches becoming more and more common, the cost of designing from the beginning something more secure is much less than that of getting hit just once."

Related stories:

Data tools boost U.S. campaigners push for racial equity 

Facebook, Twitter Trump bans: what are the rules?

Spotify urged to rule out 'invasive' voice recognition tech 

(Reporting by Umberto Bacchi @UmbertoBacchi in Tbilisi; Editing by Helen Popper. Please credit the Thomson Reuters Foundation, the charitable arm of Thomson Reuters, that covers the lives of people around the world who struggle to live freely or fairly. Visit http://news.trust.org)

Our Standards: The Thomson Reuters Trust Principles.