https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Cybersecurity


News

UC-Berkeley survey shines light on cybersecurity concerns surrounding smart-city technologies

UC-Berkeley survey shines light on cybersecurity concerns surrounding smart-city technologies

  • Written by Donny Jackson
  • 5th April 2021

Sensor-based Internet of Things (IoT) technologies can introduce significant cybersecurity vulnerabilities to jurisdictions, and this risk factor should be considered by decision makers as they determine whether to proceed with smart-city initiatives, according to researchers from the University of California-Berkeley.

Entitled “The Cybersecurity Risks of Smart-City Technologies: What do the experts think?” the white paper—written by an interdisciplinary team of UC-Berkeley cybersecurity and civil-engineer academics—outlines the results of a survey with 76 cybersecurity professionals conducted between July 2020 and October 2020.

“According to our survey, not all smart city technologies pose equal risks,” the white paper states. “Cybersecurity experts judged emergency alerts, street video surveillance, and smart traffic signals to be riskier than other technologies in our study.

“Local officials should therefore consider whether cyber-risks outweigh the potential gains of technology adoption on a case-by-case basis, and exercise particular caution when technologies are both vulnerable in technical terms and constitute attractive targets to capable potential attackers because the impacts of an attack are likely to be great.”

Alison Post, a co-author of the white paper and a UC-Berkeley associate professor of political science and global metropolitan studies, said she does not believe cybersecurity risks should undermine smart-city strategies entirely, but they deserve more nuanced consideration than they have in many cases in the past.

“For a local government or a special district that’s interested in thinking about adopting one of these technologies, rather than having a blanket approach to thinking about cyber risk, they really need to evaluate technologies on a case-by-case basis,” Post said during an interview with IWCE’s Urgent Communications.

“In doing so, they need to think not only about the underlying technical vulnerabilities of the system—what does the attack surface look like, how many interdependencies there are within the system, etc.—but they also need to think about whether the most effective actors, like nation-states or insiders that might want to wreak havoc, would be interested in the sort of impact that a cyberattack on that type of system could have.”

With this in mind, the cybersecurity measures for smart-city technologies may not need to be as strong in some areas as others, according to Post.

“You could have a system that may be vulnerable, but no one is drawn to it—in terms of an attack—because the impact is not likely to be very great,” she said. “When you’re thinking about these risks, you need to be thinking about these three things together: who is likely to be interested; what the potential impact of an attack would be; as well as the underlying technical vulnerabilities.”

With this in mind, the top technology of concern was a potential hack of emergency and security alert systems, with associated comments from the respondents explaining why, Post said.

“The comments that we received in the open-ended responses really highlighted the potential impact and mayhem that the attacks on the systems could produce,” Post said. “Particularly for the emergency and security alert systems, there was both a concern about the immediate impact—a panic in which everyone is trying to leave a city right as there is some sort of warning about an emergency that is, in fact, not happening.

“Then there is a second-order effect on public trust. If there is a fake alarm and then people learn about it, then they become less trusting of the system overall. We had a large number of comments pointing in that direction.”

One concern raised by some in the technology communications about smart-city initiatives is the procurement process followed by many jurisdictions. With many of these projects focused on functionality, efficiencies and costs savings, security factors may not be emphasized—or ignored entirely—and vendors may submit bids that skimp on cybersecurity measures in an effort to submit the lowest-cost bid, sources have said.

“One of the recommendations that we would make … is to make sure that cybersecurity figures very prominently in the evaluation criteria for procurement and that you have in-house expertise to be able to evaluate the proposals that come in from vendors,” Post said, noting that agencies should coordinate their procurements with the jurisdiction’s IT department rather than conducting it on their own.

“That’s a matter of utilizing the expertise you actually do have more effectively.”

Post said the survey respondents were targeted cybersecurity professionals who were asked to provide opinions from their experiences.

“We basically did not let them rate cybersecurity risks for technologies with which they said they were unfamiliar,” Post said during an interview with IWCE’s Urgent Communications.

Because the survey was conducted from July 2020 to October 2020, the survey responses do not include the context of high-profile cybersecurity incidents, including increased ransomware activity, the attack on a water-treatment plant in Oldsmar, Fla., and the massive SolarWinds compromise that have become public after the survey was finished. If the survey was conducted today, knowledge of these incidents could impact the results, Post said.

“I think—quite understandably—people are much more aware, because of these prominent cases that have emerged,” Post said. “As a result, they’re much more concerned; it’s much more on the radar. At the same time, I think the basic message of our report—that cyber risks actually vary pretty significantly across different smart-city technologies—still holds.”

Post said the UC-Berkeley team has no plans to conduct a follow-up survey, but they are continuing to pursue the topic of the impact of cybersecurity on smart-city efforts. The team is in the process of writing a full report about the survey results—a report that will feature more of the comments provided by survey respondents—and getting more details about the highest-risk use cases.

“We’re doing case studies on particular technologies and speaking with individuals who have expertise in particular technologies, as opposed to continuing the survey approach, because we thought the case studies would complement the survey analysis,” Post said.

“We are focusing on smart metering within the water sector and these emergency and security alerts that came out as the top ranked among the nine technologies that asked cybersecurity experts to characterize.”

As alarming as some of the cybersecurity concerns are, Post said she does not believe they will cause jurisdictions to halt smart-city initiatives entirely.

“That’s a good question, and we’ll have to see,” Post said. “But there are some forces that push in the direction of adopting these technologies—the shift to remote work and the push toward transparency in government operations, which means putting more things online. Both of those push in the direction of utilizing more of these technologies than previously.

“Also, some of these technologies can assist with conservation, while others potentially can introduce cost savings. So, there are both pluses and minuses, with the minuses being potential obsolescence and variety of other things. Again, it’s going to come to a consideration of the costs and benefits in the case of particular technologies.”

 

Tags: homepage-featured-4 Alerting Systems Analytics Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Funding Incident Command/Situational Awareness Internet of Things IoT/Smart X News Policy Public Safety Regional Coordination Security Software State & Local Government Subscriber Devices System Design System Operation Test & Measurement Tracking, Monitoring & Control Video News

Most Recent


  • Sesame Solar leverages mobile solar, hydrogen to power efforts beyond the grid
    Michigan-based startup Sesame Solar recently launched the latest version of its easily deployable nanogrids that promise to deliver electric power indefinitely—without the need for diesel-powered generation—via complementary solar and hydrogen-fuel-cell technologies, according to company co-founder and CEO Lauren Flanagan. “What we’re announcing is the world’s first 100% renewable, mobile emergency-response nanogrid,” Flanagan said during an […]
  • UC-Berkeley survey shines light on cybersecurity concerns surrounding smart-city technologies
    Newscan: On front lines, communications breakdowns prove costly for Ukraine
    Web Roundup Items from other news organizations On front lines, communications breakdowns prove costly for Ukraine Recording between dispatcher, firefighters gives new insight into human-smuggling tragedy Updated digital forensics database speeds criminal investigations Frontier Communications facing questions after rural Arizona 911 outage 911 center software can interpret any language used in text message CISA: Switch […]
  • China-backed APT pwns building-automation systems with ProxyLogon
    A previously unknown Chinese-speaking advanced persistent threat (APT) is exploiting the ProxyLogon Microsoft Exchange vulnerability to deploy the ShadowPad malware, researchers said — with the end goal of taking over building-automation systems (BAS) and moving deeper into networks. That’s according to researchers at Kaspersky ICS CERT, who said that the infections affected industrial control systems […]
  • Samsung fills its 2G hole in new challenge to Ericsson and Nokia
    “If you can make gigabit speeds through software on vRAN, how difficult can 2G be?” said Woojune Kim, Samsung’s global head of sales, when confronted at this year’s Mobile World Congress with the 2G hole in its product portfolio. Three months since then, “not that difficult” seems to be the answer, although the virtualized 2G […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Florida city says water system hacked, warns critical-infrastructure community
  • Water-utility hack could inspire more intruders
  • Addressing IoT security challenges from the cloud to the edge
  • Ransomware? Let's call it what it really is: extortionware

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Sesame Solar leverages mobile solar, hydrogen to power efforts beyond the grid dlvr.it/ST8m3K

1st July 2022
UrgentComm

Newscan: On front lines, communications breakdowns prove costly for Ukraine dlvr.it/ST7fnC

30th June 2022
UrgentComm

China-backed APT pwns building-automation systems with ProxyLogon dlvr.it/ST6q7m

30th June 2022
UrgentComm

Samsung fills its 2G hole in new challenge to Ericsson and Nokia dlvr.it/ST6hBK

30th June 2022
UrgentComm

Militarized drone swarms coming dlvr.it/ST6dNz

30th June 2022
UrgentComm

Take American City & County’s budgeting survey dlvr.it/ST6Yxb

30th June 2022
UrgentComm

Final cases made about Airwave, ESN, before CMA issues provisional decision on Motorola Solutions dlvr.it/ST4Q6X

29th June 2022
UrgentComm

Polaris Wireless: Manlio Allegra talks 911 Z-axis tech, future IoT opportunities dlvr.it/ST1384

28th June 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X