Get in Touch

Get in Touch

Get in Touch

Please get in touch using the form below.

Close form

Home / Explore our latest insights / Smart cities offer huge opportunities but come with cyber security risks

Published: 21st December 2022 | In: Insights

The world’s population recently surpassed 8 billion people and more than half of them – an estimated 4.4 billion, or 55% – live in urban areas. In every continent humans have been steadily moving from the countryside to towns and cities for decades, mostly to improve their chances of finding jobs or better paid work, or to start higher education.

While this has undoubtedly added strain to public services and infrastructure, it’s also created many opportunities for urban areas to increase efficiencies in the use of resources, waste management, healthcare, transportation and many other areas.

Smart cities aim to maximise these opportunities and significantly improve a whole range of services to citizens and businesses while reducing the cost of delivering those services per capita. Potentially, energy, resources and skills can all be maximised to make life better for millions of people if they live in one place.   

Improving services city-wide

Take roads and public transport, for example. If they were all optimised to improve the flow of traffic during the morning and evening rush hours it would help people commute to work more quickly, giving them more time for other activities. Some cities already alter the number of road lanes open in each direction depending on the time of day to cut travel times. But imagine taking this further so that the supply and demand of all manner of goods and services could be improved city-wide, from refuse collection and recycling to daily energy use, and from town planning to medical appointments and emergency services.

Although there’s no one single definition of a smart city, a city typically defined as smart uses technology to collect data and analyses that data to ultimately improve services, operations and governance for all. A smart city goes a step further – it shares selected data with specific organisations, businesses and even citizens to help them achieve their goals. In short, smart cities have the potential to improve the economy, equality and sustainability, and lower unemployment and crime rates, ultimately to raise living standards for all inhabitants.

Data, analysis and lots of technology

All of this requires masses of data, some of it in real-time, plus many kinds of sensors, a large network of connected technologies and people who can interpret that data to make informed decisions. Machine learning and artificial intelligence (AI) are increasingly applied to help decision makers choose the best options for the short or long term. Smart cities need to continuously analyse patterns and trends in order to help plan for future demands.

But while smart cities promise many benefits, one disadvantage is that the large amount of interconnected technology needs to be secure. Sensors sending real-time data are Internet of Things (IoT) devices that are usually simple and used to do one job only. Although on the periphery of the network, they are connected to everything else. Left unprotected, they are vulnerable to cybercriminals seeking a relatively easy way into the rest of the network.

For cybercriminals, this proliferation of IoT devices makes for a larger attack surface. The more devices that are unsecure, the greater the city’s overall exposure to risk. Security, as with any other part of the IT estate of a smart city, is paramount – it needs to be planned from the start, not added as an afterthought.

The advantages that a smart city brings are largely due to the interconnectedness of all its infrastructure. But this also creates a huge risk. With an entire city’s data and that of its citizens – including personally identifiable information (PII) and health care data – all in one place, it’s a treasure trove that’s potentially worth a great deal of money in the wrong hands. Aside from the wealth of data to steal, if a cybercriminal were to breach such a network they might be able to threaten power or water supplies, lock down medical facilities or cause traffic gridlock. They might target one function of the city, or several, or make a series of threats if they can remain in the network. In the worst case scenario it’s possible they could hold the whole city to ransom.

With this in mind, the National Cyber Security Centre (NCSC) has published a set of principles for local authorities and their partners to secure smart cities – what the NCSC calls ‘connected places’.

Prime targets

Government departments have long been a prime target for threat actors, whether they are financially motivated groups looking to hold a place to ransom by encrypting data or stealing it to sell on the dark web, or nation-state actors attempting to prise valuable information for competitive gain. But if a city stores all its data in one place, that city could be more vulnerable than ever before.

Water utilities, electricity networks and hospitals have been the targets of cyber-attacks in the past. In August 2022, South Staffordshire Water, in the UK, was the target of a failed cyber-attack. In January 2021, a threat actor tried to poison the water treatment plant in San Francisco. Thankfully, however, most water utilities have a very strong set of quality control checks in place to minimise the risk of contamination to the public’s water – even if breached. Arguably, the most famous cyber-attack on critical infrastructure was that on Colonial Pipeline in the US, which resulted in the loss of 100 gigabytes of data and the shutting down of the oil pipeline network for much of the US’s east coast for days.

Despite national cyber-crime fighting agencies, like the NCSC, strongly advising everyone not to pay ransom fees, critical national infrastructure is seen as needing to keep the water running and the lights on at all costs, so some organisations have paid money out in the past.

Over time, smart cities could enhance their efficiency, raise employment rates, improve equality and people’s quality of life, reduce emissions and waste sent to landfill, and save money if they use the data they collect intelligently. Around the world, combined, they could strengthen the global economy and help to fight climate change. While the cyber security risks to smart cities are ever-present, there are solutions available to defend the full range of IT infrastructure, from servers and databases to laptops and smartphones through to email and the millions of sensors used in smart cities.

Cyber security for an entire city

Fundamentally, protecting a city’s infrastructure is no different than protecting any large, complex organisation. They mostly use the same types of technologies that are designed, built and maintained by many of the same IT vendors. And everything is connected together. So, the same cyber security principles, like good cyber hygiene and zero trust, apply.

Our services, managed by experienced, certified professionals, are designed to protect any organisation’s – or any city’s – entire IT estate including all operational technology (OT), IoT devices and multi-cloud environments. Explore our comprehensive range of services to see how we can help you reduce risk today and tomorrow.