From the dangers of copycat WiFi hotspots to the perils for personal information

‘Smart cities connect physical infrastructure with information technology, but are we ready for the accompanying Big Data and cybersecurity challenges?’ Here, Professor Kamal Bechkoum, Head of the School of Computing and Engineering at the University, gives his thoughts:

Today’s urban environments are packed with technology that receives, processes and transmits data on a 24/7 basis and connected places. These ‘smart cities’ are widely acknowledged as offering tangible benefits for the people who live in them, ranging from better traffic management and pollution control, through to improved security, public transport and intelligent street lighting.

According to research conducted for UK Parliament, after £24 million of public funding in 2013, the ‘Future City Glasgow’ project reported an initial return on investment of £144 million by 2017 and predicted substantially larger ongoing benefits.

The UK’s ambition in this area is to be an early adopter and leader in smart city development, with Government investment including £5 billion in 2020 to make gigabit-capable broadband available nationally, and £50 million in 2021-22 to demonstrate the potential benefits of 5G technology.

In addition to Glasgow, other UK cities implementing smart city projects include Belfast, Birmingham, Bristol, Hull, Manchester, Milton Keynes, London and Peterborough.

However, as with all new technological advances, there are significant barriers to adoption that need careful consideration if the UK is to be fully ready and able to adopt smart city life.

Chief amongst these obstacles is a lack of technical skills, local authority funding, regulatory hurdles for large-scale projects, and low public trust in digital initiatives.

The UK Parliament Smart Cities Research Briefing adds: “Security and privacy concerns have been raised about the use of smart city technologies, particularly those that collect data about citizens’ behaviour, public services or critical infrastructure.

“Some projects have been criticised for prioritising the implementation of new technologies over citizens’ needs, and the degree of influence that smart city technologies may allow industry.

“Additionally, smart city projects may raise issues for inequality, for example, if the benefits or projects are not experienced equally by rural and urban communities, of if they disadvantage those without digital skills or access to digital technology such as smart phones.”

Big data and cyber threats

In particular, the gathering of ‘big data’ and associated privacy concerns, plus ever-growing cybersecurity threats, hang ominously over issues affecting all of our lives and lead to the inevitable question: ‘Are we ready for smart city life?’

The UK’s expanding population means that economic resources are increasingly stretched in many areas and fast-moving technology, artificial intelligence (AI) and the Internet of Things (IoT), are all viewed as providing necessary opportunities and solutions to modern living.

Despite this, revelations in the 2010s that personal data belonging to millions of Facebook users was harvested without consent by UK consulting firm Cambridge Analytica for use in political advertising, fuelled concerns over how companies use our accumulated data.

On average we create 2.5 quintillion bytes of data, or one billion billion bytes, every day.

Smart cities gather vast quantities of this ‘big data’ from digitally-linked objects and our online activities, and then use this to improve new services and products that aim to make city living better.

Although this offers the potential to transform our lives, it also comes with the same privacy concerns posed by any large-scale digital transformation.

While tracking, monitoring and automated systems can enhance safety, productivity and cost-effectiveness, potentially unethical and ongoing surveillance, along with the ever-present threat of cybersecurity breaches, can equally negatively impact people’s lives in new and unexpected ways.

The Cityware project, for example, tracked the physical interactions of 30,000 people using a combination of Facebook profiles and smartphone signals, resulting in reports that almost 250,000 owners of Bluetooth devices, mostly mobile phones, were spotted by Cityware scanners worldwide.

Privacy International, a UK charity with a stated aim of ‘defending and promoting the right to privacy across the world’ puts it like this: “Next time you’re lured into a coffee joint with the promise of free WiFi, be aware that what you are doing online could potentially be exposed, especially, as is often the case, if the WiFi network does not require a passcode to get online.

“Unsecure networks like this make it easier for cybercriminals to eavesdrop on what you do online. You should also be aware of ‘rogue’ WiFi hotspots, which might deliberately use a name similar to the coffee shop you’re currently sitting in but has nothing to do with them. So be careful before you connect to ‘Stirbucks_wifi.’” It’s an easy slip-up to make.

Data generated by smart city infrastructure can even be culled from sources such as unprotected parking garages, EV charging stations or surveillance feeds, all of which offer cyber attackers targeted personal information that could be exploited for fraudulent transactions and identify theft.

Staying smart on cybersecurity

In 2018 the US city of Atlanta was all but crippled by ‘SamSam,’ a brutal ‘ransomware’ bug that lasted for almost two weeks and saw 30% of the city’s mission-critical software applications affected.

A ransom of $55,000 worth of bitcoin in payment was demanded but the city declined to pay it.

Months later, Atlanta was still reported as reeling from the aftermath of the sustained malicious software attack, with police and legislative evidence being among the worst hit. City officials reported a decade’s worth of legal documents and years of police dashboard camera evidence were wiped from computers, resulting in far-reaching consequences.

A lack of sufficient information and security expertise is a major barrier for smart city development and a huge challenge is to foster and align IT security awareness across projects and organisations.

In addition, those involved in the deployment of new solutions often understand IT, or Operational Technology (OT) hardware and software, but rarely both.

Security specialists working in these areas should have the ability to monitor, prevent and detect anomalies, and understand the full range of cybersecurity solutions.

The ‘smart manufacturing’ that comes with new city demands must also adopt new skill levels, including capabilities in network security, embedded systems and IT and OT security awareness. It is becoming increasingly difficult to find qualified specialists who encompass all of the above.

Securing interconnectivity between diverse devices is even more problematic when old technology is long past its support date. This makes the implementation of secure solutions that enable a smooth integration, such as gateways that transparently communicate with different networks, a vital part of any new protocols.

A strategy for the future

The weakest link in the chain can have detrimental effects for an entire urban environment. To address this, planners should always invest in the data security of their cities’ critical infrastructure to minimise risk and ensure reliable and secure smart systems.

In addition, they should employ frameworks that promote a common security language wherever possible, and feature protocols for ‘Industry 4.0’ – shorthand for industrial digitalisation – that:

• Identify specific security levels between cooperating partners and companies across a supply chain, covering the three essential cybersecurity components: People, processes and technologies
• Include rigorous, transparent, and replicable testing of all new tools and technologies before they are introduced

These points are the minimum steps to take when introducing smart city living protocols. Longer term, if the UK is to move forward in the current hybrid divide that exists between office and home-working driven by the COVID-19 pandemic, there is an urgent need for legislative authorities and organisations to address their digital transformation plans.

Ultimately these actions should be guided by a strategy which addresses data-gathering legalities and key cybersecurity components to ensure risk is appropriately managed at every stage of the process.

Protecting the Nation’s Critical Infrastructure’s Against Cyber Attacks is a key theme of this year’s University of Gloucestershire and C11 Cyber Security and Digital Innovation Centre ‘Cyber Tech Symposium’ on Thursday, 7 July 2022.