Back in the 1960s, Disneyland had a ride called ‘Autopia.’ It was a glimpse into the future of human cities and gave us a taste of what smart cities could be. Of course, everything on Autopia from its stoplight-less streets and smooth traffic control was pre-programmed. It was just a theme park ride after all.

However, this shows that humanity has had the idea of a smart city on its mind for a long time. This idea is something we are only recently able to make into reality. Just like the ride, smart cities help to create a ‘utopia’ where life is streamlined and less frustrating. Unfortunately, like with most good things, there are plenty of problems that could ruin the dream for millions and these are caused by the threat of cyber-attacks.

– Randomgbear

Tomorrowland, today

2018 has just begun but already many are expecting it to be the year of smart cities. Back in 2016 global city population was at an all-time high, and commute congestion was as bad as it had ever been. However, with the introduction of Internet of Things (IoT) devices, within both the city and vehicles themselves, we have begun to slowly make driving in the city a much easier experience, just like the way Autopia made it feel.

These devices provide everything from navigational advice and real-time traffic alerts to alternative route suggestions based on prevailing traffic conditions. We can rideshare, bike share and plan public transportation routes, and pay tolls with smartphones. Internet connectivity via personal devices is only the first step in a new wave of intelligent urban transportation technology.

Centralized urban technology hubs and associated apps are being developed to provide a wide range of services. One example is the introduction of card scanners on public transport, simplifying travel payment and removing the issue of not having exact change for the fare.

Centralizing and synchronizing traffic signals helps to smooth traffic flow, provide quicker response times for emergency vehicles and keep buses on schedule. Parking sensors have even been installed that will alert smartphone users to open parking spaces.

To have IoT devices work to maintain a smart city, it needs to collect and analyze personal data from the users so that it can tell what works and what does not. To be as effective as possible, they need to collect data from users about their movements, peak traffic times, transportation mode preferences, streetlight data, traffic camera data, payment options and more.

All this information then needs to be stored somewhere, whether this is a Cloud server or under the control of a municipal IT department. Doing this is a necessity, but the centralization of information and control of an entire municipal transportation system is putting a lot of eggs in a single basket. As we’ve seen though, putting so much precious data in one location is an invitation for trouble.

A city ransomed

2017 saw a rise in cyber-attacks that purposely target private data, whether to use as ransom or to release online and cause chaos.

Uber and Forever 21 were just two of the many companies to suffer massive data breaches in 2017 and in recognition of the very real risks to people’s personal information 2018 sees the introduction of the GDPR, a new regulation that will force companies to take more responsibility for the protection of customer data.

If enterprises want to continue the upkeep of smart cities then the basket that holds all this information must be designed for maximum security, controlled access and limited information portability.

According to Von Welch, Director of the Center for Applied Cyber Security Research at Indiana University: “We have a lot of companies making new devices for the urban Internet of Things that have not made computers or written software before.

”This is a critical warning to intelligent urban traffic planners. Get the IT security team involved early. There is great technology available to help protect and defend large centralized networks. Robust security requires many specialized appliances, so an intelligent connectivity solution should also be part of the initial plan.

Without properly planned network protection and rapid attack remediation, the commerce, movement and safety of entire cities could be vulnerable to a malicious breach. Traffic signals could be manipulated; electronic road signs could be hacked to provide misinformation; emergency responders could be blocked from trouble spots; funds could be stolen, or bank accounts compromised.

We’ve seen this already: in 2014, security researchers at the University of Michigan were able to hack traffic lights of nearly 100 intersections they found to have no security controls at all. That hack was just an experiment to point out the flaws, imagine if it was performed by someone with malicious intent.

This is all scary stuff but not impossible to manage. If proper network visibility, threat landscape reduction, data loss protection, data backup and employee training are planned and implemented early on, then Autopia may, in fact, be possible without opening the door to a municipal apocalypse.

Alastair Hartrup is global CEO of Network Critical