At this point, it seems like every so-called consumer smart device—from routers[1] and baby monitors[2] to connected thermostats[3] and garage door openers[4]—has been shown to have vulnerabilities[5]. But that same security crisis has also played out on a macro scale, exposing municipal works and public safety sensors to manipulation that could destabilize traffic lights, undermine radiation sensors, or even create a calamity like causing a dam to overflow because of tainted water level data.
Researchers from IBM Security and data security firm Threatcare looked at sensor hubs from three companies—Libelium, Echelon, and Battelle—that sell systems to underpin smart city schemes. Smart city spending worldwide is estimated to reach about $81 billion[6] globally in 2018, and the three companies all have different areas of influence. Echelon, for example, is one of the top[7] suppliers of smart street lighting deployments in the world.
Fundamentally, though, the systems the researchers analyzed are similar. By setting up an array of sensors and integrating their data, a municipality can get more nuanced insight into how to solve interconnected problems. These sensors monitor things like weather, air quality, traffic, radiation, and water levels, and can be used to automatically inform fundamental services like traffic and street lights, security systems, and emergency alerts.
'When they fail, it could cause damage to life and livelihood.'
Daniel Crowley, IBM X-Force Red
That last one might sound familiar; an accidental missile alert in January[8] sent Hawaii's residents scrambling, while a hack set off Dallas's tornado sirens[9] last year. In fact, those incidents and others like it inspired Daniel Crowley of IBM X-Force Red and Jennifer Savage of Threatcare to investigate these systems