UK government warns of smart city systems that could be hacked

The UK’s Department for Science, Innovation and Technology (DSIT) has launched the first version of a playbook on how to protect ‘smart cities’ against cyber threats.

The guide is part of the government’s National Cyber Strategy and comes as cities increasingly integrate connected technologies and Internet of Things (IoT) devices. The goal is to collect and analyse data to improve services such as transport, energy and health, but there are also cybersecurity risks.

“This playbook will help local authorities set a foundation to protect themselves against would-be cyber threats,” a DSIT statement said.

“Given the large amount of data they collect, the interconnected nature of their systems, and the potential impact on local infrastructure, connected places can be attractive targets to hostile actors.”

Example scenarios in the playbook include a hacked traffic light prioritisation system that could cause road chaos and risk lives. In-home health monitoring could be abused for criminal or commercial gain, with attackers targeting victims based on their activity patterns. EV chargers also need to be protected – a malicious actor could sequence all chargers in the network to draw a large current simultaneously, causing power outages.

Researchers from the Center for Long-Term Cybersecurity at the University of California, Berkeley previously ranked emergency alerts, video surveillance tools and smart traffic lights as among the most vulnerable smart city technologies.

Practical guidance

Viscount Camrose, Minister for Cyber, AI and Intellectual Property, said: “Connected places offer enormous benefits for the entire country, not just through improved public services for our communities, but through new innovations which will unlock better-paid jobs and grow our economy.”

He said the guide offers “practical and accessible support to local authorities as we work collaboratively to grow secure and sustainable connected places across the UK.”

The Secure Connected Places Playbook  was created in collaboration with a group of local authorities, including Bradford, Westminster, Dorset, Perth and Kinross, Merthyr Tydfil County Borough and the South London Partnership.

It aims to help local authority teams who are working on smart city projects, including non-technical members, to get their cybersecurity foundations right and set a strong security culture in the process.

The guide comprises four resources covering topics including governance, procurement and supply chain management and how to conduct a good threat analysis.

DSIT said the guide is an ‘alpha version’ and subject to testing and further iteration. It is intended to complement existing smart city guidance published by the National Cyber Security Centre.

Research published earlier this month found that six in ten senior leaders at UK councils said their approach to cybersecurity is “outdated”.