The National Cyber Security Centre, a branch of the UK Government Communications Headquarters (GCHQ), has presented recommendations for local authorities telling them about the dangers of smart city technology, Report informs referring to the Financial Times.
Smart city technology designed to streamline public services could prove an “attractive target” for hostile states seeking to disrupt Britain’s infrastructure or steal sensitive data.
The document highlights the risk that overseas smart city technology suppliers may come under pressure to “access and exfiltrate data” on behalf of security and intelligence services in their countries of origin. Safety suggestions include cyber security and data protection measures, as well as tips on understanding threats posed by suppliers.
In a blog post accompanying the guidance, Ian Levy, the NCSC’s technical director, invokes the 1969 film The Italian Job, in which thieves recruit a professor to shut down Turin’s traffic control system to cause gridlock so they can rob a lorry full of gold bullion.
Levy’s blog explains that a “gridlock” attack now “would have catastrophic impacts”. “As these [smart cities] become increasingly joined up, the ubiquity of the services they provide will likely make them a target for malicious actors,” the blog reads.
Local government analysts estimate the number of potentially risky smart city contracts identified within UK local authorities is in single digits. The Bournemouth example prompted concern because, under the contract, Alibaba would have managed and controlled large volumes of data, according to people briefed on the scheme.
A separate partnership report published in late 2018 cited “global heavyweights” including Alibaba and Chinese telecoms company Huawei as members of the region’s smart city consortium.
The Alibaba deal was quashed in 2019 after intervention from central government, said two people familiar with the discussions. Bournemouth council did not comment on the cancelled contract but said “data security and safeguarding personal information” would be “integral” to its forthcoming smart place scheme.