top of page

Cybersecurity and Smart Cities

Who is responsible when the smart city crashes?

Charles Parker, II

Society is becoming ever-more connected on a daily basis. Consumers are able to check email

from virtually anywhere, including the home, other’s homes, work, when getting coffee, when driving,

etc. The portals (Wi Fi) are present in the person’s homes, office building, grocery stores, coffees shops,

vehicles, and many other types of locations. This rather not exhaustive list does not even include the

person’s smart phones. In another facet of connective-ness, vehicles are significantly connected with

GPS, blue tooth, internet, and many other services. As an extension, autonomous vehicles are being tested

now on the public streets with passengers. These are planned to be in place on certain levels within the

next few years. These advances are fantastic for our society. The mass communication and knowledge

flow with this are much faster and efficient than prior methods. This increase in convenience as the

equipment takes over our tasks

An aspect of this nouveau way of life and culture has not been researched or architected

sufficiently. Information Security is the facet that underlies and is the baseline for these connected items

and equipment. Without a firm application of security throughout the development process, there tends to

be significant issues at the end of the project, when security is consulted and treated as a bolted on

addition to the massive project. Granted these new programs presently provide and will continue to

provide a substantial benefit, however InfoSec still needs to be applied. Too often though this is viewed

as an inconvenience or a speed bump in progress in comparison to a necessity to keep people safe. This

view has created issues across industries.

What brought this idea to light was a quote from Dr. Simon Moores, as he presented at a IFSEC

International conference. Dr. Moores has been credited with stating “Who’s responsible when a smart city

crashes?” This is an interesting topic, yet in its full application, a bit harrowing. The smart city, in its full

application, would integrate every aspect of a person’s experience possible to an automated state. This

would not only include public Wi Fi, but the traffic lights monitoring the traffic flows along with

pedestrian foot traffic. The system would optimize the traffic and pedestrian flows so the efficiency is

realized with the vehicles and better the pedestrian safety. The other aspects would also be fully

integrated so enrich the user experience. If the InfoSec is not thoroughly applied throughout the system

and endpoints, the issues in theory could provide for numerous dangerous situations for the people and

the interaction with vehicles. The system could be attacked with the end goal of directing the traffic lights

at select times to authorize the users to walk into the traffic three seconds prior to the vehicle receiving

their green light.

This may be done through the wireless communication channels. This may present a secured

method for the nodes and module endpoints to communicate, however this may not be as secure as the

standards recommended. The network structure may also not be appropriate for the use case. These

sources and others may inadvertently create attack points that may or may not be easily compromised.

With systems like this that will be utilized, there are a myriad of potential vulnerabilities. If a

group were to be substantially industrial and wanted to provide the rather large list, the group would need

to check the network in various manners to understand if there are issues in the various network areas, Wi

Fi, monitoring devices, and the other pieces of hardware deployed throughout the city. The maintenance

on the entirety of these systems would require a regular program. Any maintenance issues with the

equipment potentially would create a dangerous situation for the vehicles and pedestrians, along with

additional attack points for the system.

If, due to a compromise or other condition, the network were to cease operating or operating at a

severely reduced level, there would also be significant problem with finding the issue and fixing this such

that the system would be completely operating at 100%. This has the distinct potential to be a massive job

for the group tasked with it. During the time spent to find the issue and correct it, the city would be not

operating, or in the least operating at a significantly reduced level. With the chaos that erupts through this

period, people would be at in harm’s way. There are many examples of what could happen during this


InfoSec needs to be developed alongside the protocols, network, and system. With incorporating

these from the beginning, the end product clearly would have a greater level of security in comparison to

other products.


Featured Posts
Check back soon
Once posts are published, you’ll see them here.
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page