How easy is it to take out a smart city?

How vulnerable is your city? 

WHEN is a smart city not so smart? With cities worldwide racing to adopt technologies that automate services such as traffic control and street lighting, many aren’t doing enough to protect against cyberattacks.

That’s according to security researchers who have hacked into countless pieces of city infrastructure, from ATMs to power grids, looking for weaknesses.



Inspired by how hackers switched traffic lights at will in Die Hard 4.0, Cerrudo decided to see if he could do the same to a smart traffic control system in use around the world. He found that the devices didn’t use any encryption or authentication, and he could feed fake data to their sensors from a drone flying overhead.

Cerrudo thinks the worst-case scenario would be if hackers took out the power grid. Although not caused by malign intent, he points to the blackout that affected the north-east US in August 2003 as an example. Caused by a software bug, it resulted in 10 million people without power, and 10 deaths from fires and accidents.

Another approach would be to black out areas of a city by manipulating smart power meters. Cerrudo imagines a situation in which hackers take out the smart grid and demand a ransom in return for restoring power.

How can we make smart cities safer? What’s needed is a holistic approach to cybersecurity, says Conti.

Another problem is that many companies selling technology to cities are new to the software business. While established software companies have good security mechanisms in place, manufacturers of some recent internet-connected devices have been reluctant to let Cerrudo and others test their products.

Cerrudo says cities need to develop plans for responding to cyberattacks, just as they have plans for earthquakes and other natural disasters.

“People should start complaining to the government and companies so they start taking care of this,” he says. “If no one says anything, nothing will change.”


Siehe auch The insurance implications of a cyber attack on the US power grid bzw. Simuliertes Wasserwerk wurde sofort angegriffen.