Published earlier this month, the Department of Homeland Security report The Future of Smart Cities: Cyber-Physical Infrastructure Risk addresses how the increased use of smart technologies may create or increase risks for cities. The report focuses on the use of such technologies in the water and wastewater, energy and transportation sectors. For the water and wastewater sector, the report looks at three different ways smart technologies are increasingly being used – in water treatment, distribution, and storage – and develops scenarios for how each might serve as an infiltration vector for a threat actor. These scenarios highlight many potential vulnerabilities in modern and emerging water and wastewater infrastructure that could be exploited by threat actors to degrade and/or disrupt systems and cause far-reaching impacts.

Among the potential vulnerabilities in smart water and wastewater systems highlighted in the report are reliance on communications technology that introduces large attack surfaces; the involvement of numerous third-party vendors and contractors for system installation, maintenance, and operation; a lack of understanding among new staff of legacy systems; and the consolidation of plant control into a central command system. The report discusses how such vulnerabilities could be exploited by savvy threat actors to cause wastewater facilities to back up and cause environmental damage, make water treatment facilities distribute contaminated water, or mask the presence of dangerous substances in water storage facilities.

The report also notes that there are areas in which DHS can contribute by anticipating and designing for potential risk and by influencing the overall security environment in which smart technologies exist. Among the areas cited by DHS are: establishing minimum numbers and qualifications for staff at smart technology facilities, assisting with smart technology user education, and facilitating a national implementation system to help cities install and support cyber-physical components between one another at different stages of development.