“A smart city needs smart maintenance”

Is it possible to hack smart cities?

Rebahi-Gilbert: Smart cities are made up of a network of many small computers that are distributed all over the city and which are meant to take over urban-management tasks – of course it’s possible to hack these computers.

What does it take to hack a smart city?

Rebahi-Gilbert: On a technical level, you don’t need much – a normal laptop with Internet access will do. The knowledge you need is already online. It requires determination and perseverance – then it’s only a matter of time.

How would the process of hacking a smart city take place?

Rebahi-Gilbert: If my intention is to attack a particular traffic light – like a sniper homing in on one target – then that’ll usually be a bit time-consuming. Therefore, it depends a lot on my motivation. Is it enough for attackers just to put something out of action or is the aim also to steal data? To stick with my gun image: let’s say, a digital shotgun were to be used on a smart city. Malicious hackers would simply fire a blast into the Internet and then look to see what they’d hit. That could be things like the heating thermostat of a school in Kiel or a license plate recognition system in Brandenburg. If they find a loophole somewhere, they up the ante and see what happens when they use it.

How can cities react to such an attack when it’s already taken place?

Rebahi-Gilbert: A so-called “incident response team” would be responsible in such cases. It would need to have thought out in advance what might need to be done, as well as when and where. And that would all be laid down in incident response plans: whose job is to take care of the water sensors? Who’s looking after the car parks? And what about the rubbish bins? In addition, it’s necessary to determine and rehearse in advance the management procedures for devices. After all, a smart city also needs smart maintenance.

How can cities protect themselves against cyber attacks?

Rebahi-Gilbert: By developing a risk management plan, cities can determine their risk factors, calculate the probability of certain incidents and estimate possible amounts of damage – all of which then helps them determine which services require which degree of security. Smart cities have got to get involved in this process and need to do so time and time again. But: there’s no such thing as 100% security. The only conceivable device that’s completely secure would be one that’s hidden in a safe without any contact to the outside world – and that fact would render it useless.

In view of all these possible attacks – do smart cities make any sense at all?

Rebahi-Gilbert: Attacks and crime are possible everywhere – in a high-tech city as much as a normal one. So of course we need to look at what we can do against such attacks and how we want to deal with them – but we shouldn’t just be concentrating on possible points of attack, but also need to keep in mind all the things that smart cities can do: they’re sustainable, resource-saving and generally pleasant for people to live in.

So would you personally like to live in a smart city?

Rebahi-Gilbert: Let’s say, I wouldn’t be afraid of living in a smart city because of possible cyber attacks. But I’m a bit more bothered about another point, namely, what sort of impact does such a smart city have on our society as a whole? What does it mean in terms of our privacy? How much do we want to reveal about ourselves, and how much do we have to? These are very urgent questions that we all have to answer together. Because smart cities are on their way; people are already asking for them.