BONN, Germany (Thomson Reuters Foundation) - With a few clicks of his mouse, and helped a little by the fact that the person he was targeting had no password, Thomas Stasch quickly hacked into the home system of a stranger in Germany.
But then, seconds before plunging the person’s household into darkness by switching off their lights, he stopped.
Stasch was showing an audience in Bonn how simple it is to hack interconnected digital systems - often termed the “internet of things” - such as elevators, baby monitors and home heating.
“It’s becoming easier and easier,” he said during a conference on building resilient cities.
Stasch advises cities on vulnerabilities and digital strategy, and he warns of a dark side to the trendy technology.
Digital security is particularly acute for cities, which hold reams of valuable personal data - from tax information to welfare benefits and parking fines. That makes citizens and local governments valuable victims, he said.
To date, he told the gathering, the focus has been on the functionality of digital systems rather than their security. But that will change.
“It’s only a matter of time before you have problems, and so we should deal with (cyber attacks) like a national catastrophe - you know it will come and you have to be prepared,” he warned.
One solution to improve cyber-security resilience is for city officials to talk more openly about attacks they have endured, said Paul Argyle, who advises the mayor of Greater Manchester in Britain.
“We need to accept it doesn’t necessarily mean you’ve done anything wrong if you’ve been attacked. We need to start sharing all that information,” he said.
Manchester is striving to be recognized as a global digital ‘smart city’, and recently hosted a series of digital summits to push its reputation as Britain’s leading interconnected region.
Encouraging tech start-ups, investing in digital research and introducing smart ticketing on public transport so that passengers can use one ticket to ride a bus, tram or bike are some of the measures being taken, Argyle told the Thomson Reuters Foundation.
Hospitals in the city were last year affected by the ‘WannaCry’ ransomware attack that infected computers and crippled hospitals, banks and companies across the globe. Britain and the U.S. held North Korea responsible.
“We know we will be attacked in different ways, in different parts of our city,” Argyle said.
Local municipalities needed to accept that they would be vulnerable and likely unable to defend themselves against organized crime or state-led cyber attacks, he said, but they can improve their resilience by talking to other cities.
“We need an international convention,” Argyle said, suggesting an agreement similar to the Paris climate accord, as that could lay out universal standards on cyber-security.
On May 25, the European Union’s General Data Protection Regulation (GDPR) is set to enter into force.
Experts say it will be the biggest overhaul of privacy rules since the birth of the internet, giving the public more control over how their data is used, and requiring businesses to report data breaches within 72 hours.
For Roman Mendle, smart cities program manager at ICLEI, a global network for local governments, it is not the technology itself that is to blame, but rather the value systems and ethics behind them - which are led by people.
He said digital technology could enhance cities, for example by managing water systems or carrying out a population census, but warned that such systems alone were not a panacea and could become yet another infrastructure layer to manage.
“The more you rely on certain systems ... you’re transferring dependency on to the new system,” he said.
He also agreed an international framework was needed.
“At the moment we’re in a Wild West situation,” he said.
Reporting by Adela Suliman, Editing by Robert Carmichael. Please credit the Thomson Reuters Foundation, the charitable arm of Thomson Reuters, that covers humanitarian news, women's rights, trafficking, property rights, climate change and resilience. Visit news.trust.org