Watch out for hackers, Britain's spy agency tells smart cities

Cities embracing technology to improve urban life risk falling prey to hackers, Britain's cyber security agency warned on Friday, urging local authorities to ensure smart cities are armed with digital defences.

Criminals and foreign governments can target technologies deployed to improve city services such as sensors and internet-connected devices to steal sensitive data and cause disruption, said Britain's National Cyber Security Centre (NCSC).

"New digital technology is going to improve our lives and help protect the environment, but it is essential we take steps now to make connected places more resilient to cyber attacks," Digital Infrastructure Minister Matt Warman said in a statement.

From sensors monitoring pollution to traffic lights designed to cut congestion, technology can help cities cut planet-warming emissions and make services more efficient, the NCSC said, as it published new cyber security guidance for local authorities.

But as more services become interconnected, the risks increase, said the NCSC - the tech security arm of Britain's eavesdropping agency GCHQ, warning that failures could lead to "breaches of privacy" and even "endanger" residents.

"The 'smarter' cities become, the more valuable a target they will become because more data will be available to compromise and more disruption can be caused," said Alexander Hicks, a computer science researcher at University College London (UCL).

To illustrate the risks, NCSC Technical Director Ian Levy cited cult 1969 film "The Italian Job", in which a professor creates a gridlock by switching magnetic storage tapes used for traffic control, allowing thieves to escape with a haul of gold.

"A similar 'gridlock' attack on a 21st century city would have catastrophic impacts on the people who live and work there, and criminals wouldn't likely need physical access to the traffic control system to do it," Levy wrote in a blog post.

Some cities around the world have already suffered from crippling hacks.

Last September, German prosecutors opened a homicide investigation after a woman died when her ambulance had to be diverted because the first hospital it arrived at in Duesseldorf was unable to admit her due to a cyber attack.

And in 2019, hackers demanding ransom shut down the cyber network of Johannesburg City Council, months after hitting the South African city's energy distribution company, in an attack that left customers struggling to access a number of services.

Such recent incidents have been a wake-up call for businesses and authorities, which have often prioritised developing new tech services over security, said Enrico Mariconti, a lecturer in security and crime science at UCL.

"For a very long time security has been the annoying part when creating a product," he told the Thomson Reuters Foundation in an online interview.

"What we're seeing now is that with breaches becoming more and more common, the cost of designing from the beginning something more secure is much less than that of getting hit just once."