For so many years we are only thinking about how you would prepare ourselves for  an earthquake, a flood, or a storm. Now, security researchers want you to think about how to respond to cyber-attacks, as well.

A great global initiative called Securing Smart Cities (SSC) is a not-for-profit initiative that  aims to solve the existing and future cybersecurity problems of smart cities through collaboration between companies, governments, media outlets, other not-for-profit initiatives and individuals across the world. So far, they have done so by raising awareness about the vulnerability of smart cities–towns that implement Internet-based technology. For instance, 

  • Sensors send data to connected traffic lights and cars adjusting light cadence and timing to respond to real-time traffic, thereby reducing road congestion. 
  • Connected cars can communicate with parking apps to help residents find parking and electric vehicle (EV) charging docks and direct drivers to the nearest available spot. 
  • Automatically data is sent by smart garbage cans to waste management companies and schedule pick-up as needed.
  • And citizens’ smartphone becomes their mobile driver’s license and ID card with digital credentials, which speeds and simplifies access to the city and local government services. 

Together, these smart city technologies are optimizing mobility, infrastructure, public services, and utilities.

Cesar Cerrudo, chief technology officer at security research firm IOActive Labs, says cities are unprepared for attacks on these systems. A board member for SSC, Cerrudo provides the non-profit with information on smart city security (or lack thereof). “What would commute look like with non-functioning traffic control systems, no street lights, and no public transportation?” he writes in his 2015 research paper. “How would citizens respond to an inadequate supply of electricity or water, dark streets, and no cameras?”

President Obama signed an executive order that set voluntary guidelines to help the government and private companies prevent cyber-attacks, but Cerrudo says cities are still not safe. He points out a number of security issues, including wireless devices that aren’t properly encrypted, a lack of computer emergency response teams, and insufficient or nonexistent security features.

Sean Sullivan, a security analyst at F-Secure, said smart cities are “highly hackable,” but he believes pranks are more likely than huge cyber-attacks. In 2012, the Placer County Court in California accidentally summoned 1,200 people to jury duty because of a computer glitch, causing a major traffic jam.

Cyber-attacks can have much larger impacts than just frustrated jurors and highway congestion, however. A few months ago, unauthorized individuals gained access to the emails of Beacon Health Systems, exposing private patient information. The IRS announced that criminals gained access to information on approximately 100,000 tax accounts, and this data included Social Security information, birth date and street address.

In his paper, Cerrudo recommended for making smart cities more secure, including creating city-specific emergency response teams, running regular penetration tests on city networks and systems, and implementing fail-safe and manual overrides on system services. SSC says his research offers “a practical approach to the security of smart cities,” and advises different security measures all major cities can take. To help address these vulnerabilities even further, the SSC project has also called for collaboration between corporates, governments, the media, and other non-profit institutions and individuals. Cerrudo writes: “Much work is needed, but cities can get started using these steps that can make a big difference in the current situation.”