The Security Challenge Of Protecting Smart Cities

As we continue to move forward in the Industry 4.0 era of greater connectivity between the physical and digital, the promise and development of smart cities become a more likely vision. While the term may have differing definitions, the term “smart city” usually connotes creating a public/private infrastructure to orchestrate the integration of transportation, energy, water resources, waste collections, smart-building technologies, and security technologies and services in a central location.

In the past several years, cities have migrated from analog to digital and have become increasingly “smarter.”  A smart city uses digital technologies for information and communication technologies to enhance quality and performance of urban services, to reduce costs and resource consumption, and to engage more effectively and actively with its citizens. A smart city is indeed a laboratory for applied innovation. A smart city and its accompanying ecosystem can influence and impact the industrial verticals including transportation, energy, power generation, and agriculture.

A Smart City involves interactions and complexities from various technologies, verticals, and regulatory policies. Creating and building a “Secure Smart City” requires strong Private Public Partnerships that incorporate people, policies, processes and technology from both government and industry into the overall strategy process. Smart Cities integrate transportation, health, energy, water resources, waste collections, smart-building technologies, and security technologies and services. The defense and security firm THALES refers to this structure as “an intelligent network of connected objects and machines transmitting data using wireless technology and the cloud. And where here cloud-based IoT applications receive, analyze, and manage data in real-time to help municipalities, enterprises, and citizens make better decisions that improve quality of life.” What is a smart city? Technology and examples (thalesgroup.com)

It is estimated that the global smart cities market will be worth $676.01 billion by 2028 according to a study conducted by Grand View Research, Inc. The study bases its predictions on “the demand for smart cities is anticipated to increase primarily due to factors such as rising urban population, growing necessity to efficiently manage limited natural resources, and environmental sustainability.” Smart Cities Market Size Worth $676.01 Billion By 2028 (grandviewresearch.com)

Having required services of daily life coordinated and readily available for the connected citizen is a goal of the smart city. But secure city network can become a target itself for hackers and other threat actors.

The Need for Strong Public Private Partnerships for Security in Smart Cities

The growing complexity and magnitude of risks in such an integrated communications structure requires an unprecedented level of collaboration between public and private stakeholders than ever before. Most of the urban critical infrastructure is owned by the private sector and regulated by the public sector. Because of that ownership factor, a secure smart city can only be really viable if it operates under the umbrella of a strong public/private a partnership.

Extending public/private sector working partnerships to physical and cyber threats to the critical infrastructure makes good sense. It can be planned and built through investments, grants, and tax incentives.

Keeping a smart city secure is a challenge as the urban safety ecosystem of citizens can involve a variety of scenarios and threats, including terrorism, crime, weather incidents, and natural disasters. Thus, from a security perspective, a smart city design needs to include processes and technologies that protect and secure citizens.

Three Key Elements for a Secure City

Maintaining a secure smart safe city entails creating a public/private infrastructure to conduct activities and provide technologies that protect and secure citizens. This includes three fundamental activities:

1)  Shared situational awareness, intelligence, and communications. Physical and cyber threats come many areas, including state-sponsored against critical infrastructures, criminals, natural disasters, and negligence.

2) Integrated operational management activities to prevent, mitigate, respond to, and recover from incidents. Interoperability among first responders is vital and constant training and building of security protocols are necessary to maintain a resilient risk management posture.

3)  The procurement of a multitude of emerging technologies that facilitate both physical and cybersecurity. Examples of such technologies include sensors, scanners, barriers, intelligence, acoustic and video surveillance, biometrics, and data analytics.

The NIST Smart Cities and Communities Framework (SCCF) is a good framework that applies best practices to these elements to provide cities and communities with technical guidelines for the planning, developing, and implementing smart solutions. NIST Smart Cities and Communities Framework Series | NIST

Building protocols between the public and private sectors for secure safe city is an essential priority for planning and accountability. These three key elements are not independent of each other and should be fused together in a framework to present specialized options for a multitude of security threats.

To understand and meet the changing threats, first responders, law enforcement, and government and civic leaders must collaborate, train together, and be able to talk to each other. Information sharing and interoperable communications are a first step in situational awareness.

Security risks and threats to cities can be existential from weapons of mass destruction. The Department of Homeland Security (DHS) created the Securing the Cities (STC) program to “reduce the risk of a successful deployment of radiological or nuclear weapons against major metropolitan areas in the United States. Through STC, DHS provides radiological and nuclear detection equipment, training, exercise support, and operational and technical subject matter expertise through cooperative agreement grants.” DHS Announces Expansion of the Securing the Cities Program | Homeland Security

Chem bio also poses threats to smart cities. In ensuring public safety, mobile chemical and biological sensors can alert to CBRNE threats, and robotics can diffuse bombs. Sensors and embedded security systems, including surveillance cameras can monitor criminal behavior or terrorist threats.

Another difficult challenge is keeping up with the increasing sophistication of the threats, particularly cyber. This is not an easy task and requires predictive incident mapping. Elements of that mapping include incorporating predictive analytics, establishing informed risk management planning, and implementing horizon network monitoring & diagnostics. According to Todd Waskelis, Vice President of AT&T Cybersecurity Solutions, “the ever-evolving threat landscape creates new and unexpected challenges for even the most seasoned cybersecurity professionals. From ransomware and DDoS attacks to cybercriminals buying attack kits on the dark web, staying ahead of new attack vectors can be daunting.” Cybersecurity in an Evolving Threat Landscape | AT&T Business (att.com)

UK's National Cyber Security Centre (NCSC) recently warned that cyber-physical systems in smart cities could be compromised by cyber attackers if they are not secured properly. They noted that the huge volume of sensitive data being collected and stored by IoT-connected smart cities, plus the ability to disrupt, "makes these systems an attractive target for a range of threat actors." Smart cities are a tempting target for cyberattacks, so it's time to secure them now | ZDNet

Because we are now immersed in a digital era, a proportion of the planning can be automated via algorithms, artificial intelligence, and augmented by big data. Some of the interesting innovative technology digital era trends impacting the transformation of smart cities includes 5G, automation, robotics, enabling nanotechnologies, artificial intelligence (human/computer interface), photovoltaics and printed electronics), wearables (flexible electronics) and information technologies such as real-time analytics and predictive analytics, super-computing, wireless networks, secure cloud computing, mobile devices, blockchain, and virtualization.

While primarily designed to facilitate citizen services, all these technologies also have smart city security applications in homeland security, interesting applications of data analytics are being incorporated into government programs for case management situational awareness and mitigation. However, everything can be fallible and there still we always be a need for a human oversight factor.

As our cities grow more complex and interconnected by the Internet of Things, urban smart technologies are becoming increasingly ubiquitous. Unfortunately, the threats to everything connected are also growing and becoming more sophisticated. Strong and robust public private partnerships will be needed to both build and protect by design. It is not enough for a city to be wired, accessible, and smart. Physical security and Cybersecurity are imperatives and part of a operational paradigm for the new smart cities that await us.

About the author:

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University’s Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs where he teaches courses on risk management, homeland security, and cybersecurity. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thompson Reuters, “Best of The Word in Security” by CISO Platform, and by IFSEC as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020 and 2021 Onalytica "Who's Who in Cybersecurity" – as one of the top Influencers for cybersecurity issues and in Risk management. He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic, and as a Top Leader in Cybersecurity and Emerging Technologies by Thinkers360. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.