Imagine walking on a street in a city where lights adjust their brightness levels according to weather conditions, predictive traffic management systems reduce congestion, AI-driven water usage monitoring systems, and environmental waste is handled to minimise pollution. Such possibilities have become endless with the wide adoption of smart cities powered by AI.
Globally, communities are adopting smart city technologies in their infrastructure. However, they bring along mounting concerns of cybersecurity risks, thereby forcing them to evaluate and address the risk of cybersecurity associated with such integration.
Understanding cybersecurity landscape in smart cities
Smart city ecosystems can be significantly more complicated than conventional IT infrastructures because of the many AI and IoT devices. These connected endpoints and network connections have exponentially increased entry points that cyber adversaries can potentially exploit. Their vast asset of intrinsic value has the potential to be exploited by nation-states, cybercriminals, hacktivists, insider threats and terrorists.
In other words, it is similar to having too many unlocked doors to a house where any of them can provide access to malicious individuals. Such data created and used in a smart city is alluring to cyber actors. Thus, advanced protection mechanisms are absolutely required for such data.
AI-based security systems are adaptive to sense different patterns of activities, which might lead to incidents. As a result, such smart cities with intelligent AI-driven systems contain sensitive data and potential vulnerabilities, which cyberattacks can exploit.
Balancing innovation with security
Security planning should focus on creating resilience through defence in depth and account for both physical and cyber risk as well as the converged cyber-physical environment that connected systems introduce across smart cities. Cybersecurity should enable safe technological progress through a multi-layered approach involving technology, policy, and public awareness.
The use of blockchain technology is becoming promising in enhancing smart city security. Blockchain provides a tamper-proof record of transactions which complements AI applications for the assurance of information integrity and enhancement of transparency in city operations.
The cooperation between public and private sectors is also necessary. Governments are moving towards creating regulations to promote best practices in terms of security among citizens, and firms that are involved in developing intelligent city technologies have to obey these regulations to ensure they implement secure solutions.
The steps to taking an holistic approach to cybersecurity in AI across smart cities
Strategic foresight: Incorporate proactive cybersecurity risk management into the planning and design of smart cities. For example, in China, artificial intelligence robots equipped with cameras and scanning sensors were extensively deployed in smart cities, especially during the COVID-19 pandemic.
- Bridging the gap: Integrate new technology carefully into legacy infrastructure, ensuring secure connectivity and redesigning legacy infrastructure if needed. This was recently addressed in research conducted to determine the state of legacy systems in water utilities in Serbia and the region, to identify current problems, and to examine readiness for Industry 4.0.
- Cyber meets physical: Emphasise building resilience through a defence-in-depth strategy that addresses both physical and cyber risks, while also applying the principle of least privilege, reviewing default configurations, and hardening vendor guidance. Such initiatives were demonstrated by The Hague smart city highlighting the interconnectedness of urban resilience and cyber resilience within smart cities. It explores the cyber resiliency engineering strategies enterprises should implement to enhance cyber resilience in their digital operations.
- Remote security checklist: Secure remote access applications, enforce multi-factor authentication, and review configuration policies. macchina.io explains deploying IoT and building a secure, simple, customisable, and scalable remote access solution for Agfeo telephone and communication system users.
- Secure network blueprint: Implement zero trust network design principles for enhanced secure network environments. For instance, the City of Philadelphia deployed Juniper’s Security Director to deliver centralised security management, network-wide visibility and analytics, and unified policy orchestration to secure the network and expand zero trust from the edge into the data centre.
- Risk reduction mechanisms: Adopting smart city technology should focus on raising the bar for the security requirements of the software suppliers, and ensure that the software vendors use good active vulnerability management. Vendors must focus on reducing customer cyber risks and adhere to ‘secure-by-design’ principles.
- Train, update, repeat: Create contingency plans for manual operations and provide staff training on both integrated and isolated procedures. Regularly update this training and keep incident response and recovery plans current, conducting annual exercises to ensure effectiveness.
Looking forward…
Building secure smart cities with AI and cybersecurity is promising yet challenging. Achieving a connected urban environment optimised by AI requires robust cybersecurity to counter threats. Understanding the cybersecurity landscape and implementing strategic foresight, resilience, and proactive risk management will be required for cities to minimise risk through cyber threats and attacks. Also, technologies such as AI-based security systems and blockchain technology will definitely help. Collaboration between public and private sectors and ongoing education will ensure these smart cities are innovative and secure.
While the road ahead appears challenging, with a proactive and multi-layered approach to cybersecurity, smart cities can become a reality without compromising security and privacy.
Anna Ribeiro 