Smart cities sound amazing, but will we be ready for a cyber 9/11?

The standard phrase is the “Internet of Things” because the basic idea is to use the internet to link up pretty much all the “things” on the planet. If you want a more technical description, you can talk about “cyber-physical systems”,  which does neatly capture what is going on, since we are plugging “cyber systems” into “physical systems” and making hybrids.

But the hot term capturing focus today is “smart cities”, because it’s in the highly concentrated city environment that much of this technology is being installed. 

The passive explanation goes like this: “A smart city is an urban area that uses different types of electronic data collection sensors to supply information used to manage assets and resources efficiently.”¹ But there’s a thoroughly active side too. Once self-driving cars and trucks take to the roads, the integration of sensors and vehicles and enormous quantities of data is set to revolutionise our urban environments.²

Some observers find the role played by the private sector to be a disturbing feature of this unfolding future. As we noted here on UnHerd³, the recently announced plan by Google and the city of Toronto to install a purpose-built “smart city” development raises this question acutely. 

Smart about cybersecurity?

But overshadowing all concerns lies the issue of security.

We’ve become used to announcements that hackers have broken into our data in company after company – and also in government departments⁴. The Yahoo hack was probably the biggest, involving billions of records. The Equifax hack of American citizens’ financial secrets may have been the most worrying in the private sector. In the public sector, the US government’s personnel department – the Office of Personnel Management – lost more than 20 million records, probably to the Chinese (and including large numbers of highly secret security clearances). The UK’s National Health Service, recently hit by the WannaCry virus, seemed oblivious to what an official post-mortem called “basic” precautions.

When personal data is hacked, people worry that their financial identities may be stolen – though the more common it becomes, the less we fret.

In a cyber-physical system, the stakes are much higher. Many people woke up to this threat when, back in 2015, a Jeep Cherokee driving down a US highway was hacked and came close to crashing as the hackers took control of the car⁵.

“No 9/11 yet”

At an Internet of Things conference last month⁶, the chief legal officer of BlackBerry took to the stage with a startling warning. Unusually for a C-suite exec, Steve Zipperstein started his career as a US federal prosecutor. And he had blunt words for the assembled industry leaders, tech gurus and policymakers in Washington’s National Press Club. 

“We have not yet had our cyber 9/11.” 

The opportunities for disruption being presented by the connectedness of the Internet of Things get greater the more connections there are. A hack – by terrorists, an unfriendly foreign state, or merely crazy people – of “9/11” dimensions is not unthinkable.

That’s one reason widespread cybersecurity incompetence in lesser matters, like what happened inside the NHS or the US Office of Personnel Management, is so disturbing. Once the systems are “cyber-physical”, cities will be as vulnerable as that Jeep Cherokee.

If we want our cities to be truly smart, we need smarter people running security.

READ MORE

Smart Cities Council

IEEE smart city site

US Department of Homeland Security

---

Nigel Cameron writes about technology, society, and the future. In 2007 he founded the Washington think tank The Center for Policy on Emerging Technologies. His most recent book is Will Robots Take Your Job?

nigelcameron