As the UK government pumps millions of pounds into making its cities and towns ‘smarter’, it’s also spending vast sums of money on defending itself against cyber hackers.

£1.9bn has been announced as part of the country’s national cyber security strategy. An emphasis has been placed on trust in the internet and the infrastructure on which it relies. UK Chancellor Philip Hammond says both are "fundamental to our future". His comments strike a chord, especially in the wake of the recent DDoS attack which immobilized large chunks of the internet.

With cyber security being a top concern in a world where people and places are becoming 'smarter', Mashabletakes a look at how a smart city in the UK could be outsmarted by hackers. First, let us set the scene for you ...

Imagine you're walking down the street at night. Lights from LED lamp posts increase as you pass by, then fade down. Suddenly, you hear a loud noise at the end of the road. Lights flare up to reveal two people arguing. One has a knife. In less than a minute, the police arrive and under a blinding light the two are arrested.

SEE ALSO:Finding the hackers behind the nightmarish DDoS attack

Who alerted law enforcement? Why did the light change in intensity? Are we living in a Minority Reporttype of dystopia?

Nope. This could actually happen in real life. The change in lighting in the above scenario could be made a reality by equipping an LED lamp post with multiple noise sensors and video cameras which are linked to an operations centre.

And that's just the beginning:

IP-connected lampposts can also, for example, help you find that free parking space or alert the authorities to an illegally-parked vehicle. For those concerned about the environment, street lighting can give you an exact reading of CO2 levels.

Intelligent lamp posts can even detect gunshots thanks to real-time acoustic gunfire detection sensors. And they can alert the emergency services.

Still think this is the stuff of sci-fi movies? Then spend some time in Glasgow. Yes, Glasgow, Scotland, where 180 intelligent lampposts have been installed as part of the city's £24m Smart City project.

"Smart lighting, which replaces energy inefficiency with savings between 60-80 percent depending on circumstances, had very positive feedback among shoppers and shopkeepers," Gary Walker, programme director of Future City Glasgow, told Mashable.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

The Internet of Things and the DDoS attacks

However, behind the buzzwords there are serious concerns about the ability of these "smart cities" to adequately protect themselves.

Those fears became a reality last week, when more than 10 million devices hooked up to the internet of things were hacked in an attack that slowed a huge swath of the internet.

The assault was known as distributed denial of service (DDoS), which occurs when a hacker sends so much data at a website that the server can't handle the flow, preventing normal users from accessing the site.

"That's where you'd start if you wanted to shut down a whole city"

Connected lamp posts, just like any other object with an IP address, also run a danger of being targeted and taken over by hackers.

"Intelligent lampposts are an obvious target for whoever wants to target a city on a mass scale. That's where you would start if you wanted to shut down a whole city," Eva Blum-Dumontet, research officer at Privacy International, told Mashable. "The DDoS attack shows we haven't seen any clear progress towards more and better security."

Besides Glasgow, other UK smart city projects involving public-private companies are happening in Milton Keynes, Manchester and Bristol.

Bristol is among the UK cities being made 'smarter'Credit: Getty Images

But experts warn those projects are shrouded in secrecy and are not properly secure.

"We have observed a blatant lack of transparency in the way smart city deals are signed and with little to no information as to how the tech for a smart city is used or what security practices are in place." said Eva Blum-Dumontet, of Privacy International. "We simply cannot trust those projects."

Security vulnerabilities

It's unclear what mechanisms are in place to detect unauthorised access to data or stopping malicious software from destroying every lamp post by causing it to operate in an unsafe way.

"You are effectively bugging every street. In fact, a sensor that detects noises like gun shots could just as well be used to listen in on conversations," says Blum-Dumontet of Privacy International.

"So of course we may trust that local authorities or the police won’t use those sensors in that way. But it will be very easy for someone with a malicious intent to reconfigure the settings to record sound and conduct image processing," she continued.

"The streetlights couldn't be used for surveillance purposes"

Gary Walker, programme director of Future City Glasgow is keen to allay concerns. "The streetlights couldn't be used for surveillance purposes. They don't pick up and record static images.

"The storage of the data adheres to Data protection legislation and also Privacy Impact Assessments that were undertaken as part of the development of the demonstrator," he continued, adding that the data collected is stored on the City Data Hub which is generated from the central management system.

Chancellor of the Exchequer, Philip Hammond, says the UK will strike back if it's attacked by hackersCredit: Getty Images

Walker also explained that noise sensors have no capacity to listen to or record conversations though they can differentiate between the sound of a car and a human voice. "In any event, the noise sensors were only calibrated to respond when the noise levels exceeded a certain decibel level," he said.

So, with about 6.4 billion connected devices around the world today and an expected 20 billion connected devices around the world by 2020, can we expect to see more DDoS style attacks exploiting security vulnerabilities in devices hooked up in the internet of things?

Not if the British government has its way. And it if a cyber attack does happen, it intends to "strike back".

TopicsCybersecurity