Interest in the smart city concept has grown exponentially over the past few years, with top research being done in the Internet of Things (IoT) and urban domains to define, assess, and improve smart city services and offerings. In smart cities, information security plays a major role in protecting the higher levels of confidentiality, availability, and integrity as well as the stability that national services and organizations need to support sustainable and livable smart environments.

Smart city stakeholders are identified as the government, the commercial organizations and the citizens; the development of a smart city organization or business has also been identified to heavily rely on technology and service providers; but as each organization requires its own smartness assessment and development, it has become clear that responsibilities, processes execution and decision making need to be institutionalized, where “smart city departments” or “smart city offices” get established to take ownership of the arrangement to become “smart city compatible” and to prepare roadmaps for the future of the organization itself; much like the IT departments in the 2000s, independent smart city departments are expected to emerge in organizations isolating organisation’s political aspects from the technological aspects.

According to the Institute for Electrical and Electronics Engineers (IEEE), “a smart city brings together technology, government and society to enable the following characteristics: a smart economy, smart mobility, a smart environment, smart people, smart living and smart governance.” This can be realized using a wide range of connected systems to process and exchange data between multiple stakeholders, including transportation, energy, and city services. As new points of connection are introduced throughout a city, having processes to methodically evaluate the security risks and appropriate mitigations for each connected system inside each organization is critical to the overall success of the city, the smart city is an ecosystem of smart organizations, where tolerance to cyber damage is little compared to the current world, more comparable to critical infrastructure environments, but much more demanding. Smart City Departments (SCD) are expected to emerge in smart city organizations (Governments and Businesses) to manage the city requirements and control its operations.

In previous document on the Cyber Security Guidelines for Smart City Technology Adoption, we identified the cyber security planning, evaluation and operational requirements for smart city technologies; this document discusses the Smart City Department information security role, its influence on technology adoption, services quality, legislative compliance, interorganizational and intraorganizational information and communication resilience in addition to the efficiency and sustainability of operations. The purpose is to provide guidelines for public and private organizations when planning and building their SCDs, that could be used as a baseline for the role development of emerging smart city departments or similar functions, helping provide a certain level of assurance and trust to operations and services, thus supporting the promotion and propagation of smart city services. It describes the types of roles and responsibilities to be defined and adapted for a successful consideration of information security issues in smart environments, risk control and organizational readiness for cyber occurrences. This guide is not a detailed testing or assessment program, but rather an illustration of the key elements that organizations need to examine and be aware of, when defining the role of smart city departments, in order to achieve the best safety and resilience.

Download PDF here (ver 1.1)

Authors: Mohamad Amin Hasbini, Senior Security Researcher, Kaspersky Lab, Cesar Cerrudo, CTO, IOActive Labs, David Jordan, CISO, Arlington County Government, Virginia, USA, Ramzi El-Haddadeh, Associate professor, Management Information Systems, Qatar University, Alan Seow, Cyber Security Practitioner, Samir Pawaskar, Cyber Security Policy and Standards Section Head, Qatar Ministry of Information and Communications Technology Team.