Close
Updated:

Balancing Cybersecurity Threats in Smart Cities: Is the Potential Convenience of “Smart” Intersections Worth the Risk?

The term “smart cities” has become popular parlance for municipalities’ attempts to enhance delivery of urban services and infrastructure through information and communications technology. While they may conjure images of neon-lit high rises or streetscapes populated by sleek, hovering vehicles, a bit like the 1960s-era The Jetsons cartoon envisioned our high-tech future, the reality of smart cities has begun to emerge in more subtle, less glamourous forms. Cities tend to focus on wastewater monitoring, traffic control and energy distribution technologies in their efforts to become incrementally “smarter.”

Smart cities lean heavily on automation, internet connectivity and the Internet of Things (IoT)—including smartphones, connected cars and a host of web-based appliances and utilities—to boost the delivery and quality of essential urban services and infrastructure like transit, sanitation, water, energy, emergency response and more. Successful smart cities need infrastructure that supports such connectivity, and they pull data from hundreds, or even thousands, of sensors that can be used to analyze and shepherd the direction of resources.

Leaders are grappling with balancing the benefits of this constant data monitoring with the concomitant safety and privacy risks to citizens. For example, traffic signals  tend to be particularly susceptible to hacking, yet it’s possible to mitigate those risks. Ahead, we explore the “why” of smart traffic lights and intersections, look at the risks, and consider solutions.

Intelligent Traffic Systems: What and Why
Smart traffic lights have been implemented in Europe and parts of Asia for a few decades. These systems rely on networks of sensors (often buried under the pavement of intersections), cameras and connected cars to collect transportation data, which is then interpreted by AI programs. But entry costs and cybersecurity questions have led to slower adoption in the United States, where the majority of municipalities still rely on fixed-length, time-of-day control systems, according to a U.S. Department of Transportation (DoT) report. The DoT has been researching next-generation technology that could lower the burden of transitioning to smart signals. Rather than needing to fully replace aging lights, for example, the agency wants to usher in the production of affordable add-ons or small, wireless detectors that can stand alone. Under the Bipartisan Infrastructure Law, the DoT is appropriating $100 million annually (from 2022 to 2026) in grant money for smart transit projects, giving a nudge to cities looking to improve traffic conditions.

The benefits of smart traffic lights are wide-ranging, from using on-the-spot data to ease traffic congestion and slow speeders down, to providing real-time traffic information to connected (and self-driving) vehicles and city maintenance crews, improving pedestrian safety and assisting in regional planning. At the University of Michigan, Ann Arbor, a test project found that connecting vehicles with smart intersections could reduce unimpaired crashes by as much as 90%. In addition, technology being developed by companies like Ford, Audi and Google could provide selective green lights for emergency vehicles. On the environmental front, some pilot programs have also reported lower vehicle emissions due to less idling at red lights.

Risks
Like most progress, the rewards don’t come risk-free. A 2020 University of California, Berkeley survey of cybersecurity experts indicated that traffic signals are one of the most vulnerable components among smart city technologies. Some concerns cited by researchers across the field include:

  • More Connectivity, More Problems. As an increasing number of devices join smart traffic networks, the attack surface grows, leading to higher vulnerability to malicious attacks and cyber threats. Since smart traffic infrastructure can collect personal data about individuals, not only are systems left more vulnerable to attack, but drivers are more exposed to the possibility of data theft.
  • Algorithmic Vulnerabilities. Dutch security researchers found they were able to trick intelligent traffic systems across the Netherlands into responding to a cyclist that wasn’t actually there. Many locals in Dutch cities use cycling apps that communicate with traffic signals to help them get more green lights. Researchers were essentially able to reverse engineer these apps to input false data and change traffic signals. Hackers tampering with traffic lights could disrupt the movement of drivers and passengers, jamming up intersections and causing safety hazards, say researchers at the University of Maryland.
  • Lack of Uniformity. As cities adopt smart traffic signals, they may choose varying vendors and systems to provide services. In an interdependent system, the breach of a single vendor could allow access to multiple lateral networks. Considering the array of third-party apps used by individuals and in cars, security will hinge on the ability to establish secure frameworks that everyone can agree on.
  • Nation-State Actors. The Federal Highway Administration (FHWA) says that while at one time, the biggest security concern for transit was pranksters changing construction signs, the United States is now aware of cyber-attackers affiliated with nation-states who are paying close attention to the country’s interconnected traffic systems.

Cyber Safety Within Reach
Though smart traffic signals have vulnerabilities, there are roadmaps for cities to follow that can minimize risk. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) teamed up with counterparts in the UK, Canada, Australia and New Zealand to create a set of cybersecurity guidelines for smart cities. As officials weigh the pros and cons of intelligent traffic systems, measures they can consider include:

  • Cooperation. With an increasingly vast array of interconnected devices and infrastructure, CISA suggests that system owners should stay in control and maintain a keen awareness of evolving networks. Communication is crucial, and the FHWA notes that cyberattacks have been stopped in their tracks thanks to collaborative efforts between transportation departments and information technology providers. Vendors can also reduce risks on the front end by taking a holistic approach to security, following secure-by-design and secure-by-default development practices.
  • Education. The National Highway Institute offers an online cybersecurity class for transit operating staff, while the Department of Homeland Security provides cyber training programs for local officers, and institutions like MIT make online classes and certification programs available that focus specifically on the cybersecurity of smart city technologies.
  • Cyber Assessments and Planning. In a recent report, the Mineta Transportation Institute at San José State University stressed the importance of conducting regular “testing and/or ongoing threat assessments.” Maintaining—and following—up-to-date cyber response plans can also make or break a transit agency’s ability to quickly identify and halt attempted cyberattacks.

Looking Forward
Authors of the Berkeley smart cities study found that “rather than embracing new technologies as quickly as possible, or rejecting new tools across the board due to cybersecurity concerns, city officials should weigh the costs and benefits on a case-by-case basis.” Smart traffic lights have the potential to save lives by boosting pedestrian safety and reducing accidents, in addition to making headway in day-to-day traffic woes and lowering CO2 emissions. But as municipalities move to adopt this technology, they will need to carefully assess vendors and ensure that cybersecurity training and safeguards are front of mind.