Urbanization of populations is a continuous phenomenon, cities are transforming digitally into smarter ones, enabling better governance, enhancing the living of humans and facilitating better resources utilization efficiency. In reality, various systems such as cameras and traffic signals, street lights, sewers sensors, gas and electric meters make up the digital infrastructure of smart cities. Residents will pay their bills and get access to a range of municipal services by connecting to the infrastructure of the smart city. Since smart cities are expected to make up top urban centers, they are expected to contribute to a large percentage of the global GDP. With all the developments taking place, cities around the world could spend as much as $41 trillion on smart tech over the next 20 years.

Smart cities integrate technologies and innovations such as Big Data, mobile technologies, robotics, artificial intelligence and the Internet of Things (IoT) to change how humans interact, work and prosper.  This means that tremendous communication will be taking place across smart city systems, leading to huge data transfers and large data storage facilities run by municipalities. As much as the physical and virtual infrastructure interconnectivity in smart cities render them functional, they also add to their vulnerabilities, creating significant cybersecurity risks.

The cities are vulnerable to threats such as signal jamming, remote systems or data manipulation, Denial of Service (DoS), malware attacks and the recent rampant ransomware and wiping attacks. There is a need therefore for comprehensive smart city plans to minimize cybersecurity risks and protect critical infrastructure in smart cities as to defend stakeholders, ranging from residents to private and public service providers or institutions.

Typical IoT devices are also expected to be in constant communication with the devices of residents such as smartphones, wearables and even implants. Smart cities’ virtual doors will need virtual keys and locks controlled through remote communications. In real sense, these virtual doors to smart cities are never fully locked, creating loopholes cyber attackers will sure attempt to exploit. This then means smart cities are not safe until proven, hence measures must be put in place, spanning physical security and national security, to continuously ensure, guarantee and verify certain processes and operations never go wrong. This paper discusses some of the critical things that should never go wrong in smart cities.

Each subsection will discuss what could go wrong and possible solutions that may help. Discussions will attempt to focus on the most relevant issues for each smart city function, some other general recommendations could still be valid to address mentioned issues but are not listed to avoid repetition or because they represent common safety practice (e.g. operational security, personnel security, service level agreements, systems hardening, physical security).

To obtain a full copy of the report please visit:

https://securingsmartcities.org/wp-content/uploads/2017/09/SSC-15-things-v1.3.pdf