Smart technology is making Europe’s cities more sustainable, but privacy and hacking risks are also growing.
COPENHAGEN — In the capital's old harbor neighborhood, Denmark is experimenting with a city of the future, including a school covered in ocean-blue solar panels, fast-charging stations for electric cars, automated home heating and a large battery storing green energy.
But the smart city vision comes with an Achilles' heel — cyber vulnerability.
Growing decarbonization efforts coupled with state-of-the-art technology are creating an increasingly wired energy infrastructure that poses a huge cybersecurity challenge. The risks range from hackers trying to crash the systems to snoops gathering data on people to extortionists and social media abusers like Cambridge Analytica — the defunct political consultancy that used data to shift elections.
"Some of those functions and equipment that are creating this new way of life have the potential for being vulnerable so we need to get it right," said Thomas Lund-Sørensen, director of the Danish Center for Cyber Security, which is part of the country's national intelligence agency. "If you get it wrong, you get the smart city to potentially become a dumb or dangerous city."
The EnergyLab smart city project covers about 1,400 households in Copenhagen's Nordhavn district, an up-and-coming neighborhood boasting futuristic architecture that used to be an industrial port area.
EnergyLab says that out of all the residents asked to volunteer to share detailed energy consumption data, only one decided to opt out.
Copenhagen is under pressure to slash its greenhouse gas emissions as it has committed to becoming the world's first carbon-neutral capital by 2025.
The project, which brings together utilities, operators, the municipality, a university and key technology providers, is testing how automated technology can integrate electricity and heating with energy efficient buildings and electric transport to create a more sustainable energy system.
Residents have to agree to participate. Then smart gadgetry is installed in selected buildings of the neighbourhood.
The smart city project involves sharing large amounts of data across the various infrastructures to make sure the system runs properly. In one section of the experiment, about 60 households are providing real-time detailed information about their energy consumption to test automated heating systems. In other cases, residents can access apps on their phones to turn off lights or tweak temperatures.
Each apartment has a router and data is transferred through a VPN connection to a protected server room at the Technical University of Denmark, said Anders Christian Laage Kragh, software developer with the university. The readings can indicate how many people there are in a given house, room temperatures and more.
That sort of granular information is needed as energy systems become smarter and more decentralized — but it's also opening the door to more risks.
Who's watching?
For now, the people taking part in the experiment seem confident that their data is secure.
EnergyLab project managers said that out of all the residents asked to volunteer to share detailed energy consumption data, only one decided to opt out.
Denmark "is one of the countries with the highest degree of trust from citizens towards authorities," said Christoffer Greisen, manager for the EnergyLab project. But he and his team still spent months making sure they got the data privacy aspect correct.
"We are all scared about what has been done ... under the Cambridge Analytica scandal," he said.
Danish law has safeguards. So, for example, the energy data can't be used to sniff out if a person is breaking the rules by having too many people living in a house. "It's unlawful to use the same data to detect social fraud," said Greisen.
The goal is to design smart energy solutions that minimize the amount of personal identifiable information that needs to be collected, Lund-Sørensen said.
But there are more risks than keeping information private.
Protecting the system against cyberattacks "is integral" to the EnergyLab project, Greisen said, adding that someone "would need the most sophisticated code breaking tools" to hack the system.
"Cyber crime aimed at disrupting IT networks and IT infrastructure could, at worst, threaten energy supply," according to the Danish Center for Cyber Security.
Engineers are working with "more or less state of the art" cyber solutions for the project, but Laage Kragh added they didn't go for anything extra. "We have done what you normally do in this kind of project."
Even if hackers managed to break through, the consequences of a small-scale project like EnergyLab is "benign," Greisen said. The worst a hacker could do is switch off the heating in about four dozen apartments, but there would be no loss of life or massive blackouts.
Not everything tested in the €19 million Nordhavn project will be implemented on a large scale, said Greisen. "It’s a bouquet of solutions, some of them will live and some of them will die."
But if the scale changes, so do the risks.
"It's a different story if you have a million households and you can switch off the heating or electricity and then you can switch it on again — then you can actually crash the system," Greisen said. "As you scale this in size, you also need to scale the cybersecurity approach."
That's something Lund-Sørensen, of the Danish Center for Cyber Security, is very aware of.
In its annual report last year, the center found that the threats of cyber espionage and cybercrime against the Danish energy sector are both "very high."
"Cyber crime aimed at disrupting IT networks and IT infrastructure could, at worst, threaten energy supply," according to the report.
Not all attacks would necessarily aim for a blackout. There are also worries about stealing or deleting data, or disconnecting smaller smart devices in homes or public buildings.
If a system is unsecured, it doesn't take a hacking genius to exploit that vulnerability, Lund-Sørensen said, warning that "that's why you need to make sure when you construct smart infrastructure in a smart city that they are not vulnerable."
European problems
That's not exactly what's happening across Europe, said Anjos Nijk, managing director at the European Network for Cyber Security, a non-profit group.
Copenhagen is just one of many European cities trying to go "smart": Stockholm is experimenting with smart trash bins and smart traffic control, while Vienna is adopting electric-powered waste collection vehicles and testing the use of plants to green building facades to boost climate adaptation.
The EU aims to replace at least 80 percent of electricity meters with smart meters by 2020, but the project is moving more slowly than expected.
However, cybersecurity "is not always very well addressed yet," said Nijk.
One problem is that some technologies are not tested or built with cyberthreats in mind before they are introduced into the system. Another issue, Nijk said, is that once such equipment is installed, it's not easy for authorities to get a clear understanding of the risk they pose.
Take electric car-charging stations. If a region has a lot of them, they could disrupt the grid if they were hacked.
"Municipalities deploying infrastructure for electric cars are often not aware of the risks because they don't have the security knowledge," Nijk said.
The European Commission is trying to address some of those issues through its Smart Grid Task Force, a grouping of experts set up in 2009 in part in reaction to planned massive rollout of smart meters across the EU. A special working group within the task force is expected to soon release its second report with cybersecurity recommendations for the electricity system.
Back in Denmark, Lund-Sørensen has advice for smart city developers: "Please consider that you are in an environment where someone might be trying to do bad things."
Source: politico.eu
