Are smart cities a disaster waiting to happen?

Urban IoT promises to provide better healthcare, utilities, education and policing, but the cost to privacy could be high

Smart city concept - smart cities

Demographic change is set to be one of the biggest challenges we will face this century. According to UN predictions, the global population will hit 9.5 billion by 2050, with 68% of people living in urban environments.

The towns, cities and megacities where these billions of people will live are already having to adjust to the realities of a steadily growing population, with transformation into "smart cities" becoming one of the go-to solutions.

Advertisement - Article continues below

Using Internet of Things (IoT) sensors and edge computing to collect and analyse data, smart city infrastructure is aimed at managing assets and resources efficiently. It's being used in areas such as transportation, power plants, water supply, environmental management, crime detection, schools and hospitals.

Although this type of data collection is proving useful for public services and city officials, it's also raised concerns around security and privacy. According to an online poll by industry body Wi-SUN Alliance, 21% of people believe these issues are holding back smart city development.

When asked about their biggest security concerns, 37% of respondents highlighted data privacy as their biggest worry. Other issues include attacks on critical infrastructure (28%), network vulnerabilities (24%) and unsecured IoT devices (11%).

A privacy crisis

Connected sensors and devices are the beating heart of smart cities, and they generate masses of data. To put things in perspective, a report by SaaS provider DOMO claims that currently 2.5 quintillion bytes of data are created daily. By 2020, that number's predicted to increase to 1.7MB per second, with the rise of smart cities contributing to this growth.

Advertisement - Article continues below
Advertisement - Article continues below

Dr Isabel Wagner, senior lecturer in computer science at De Montfort University, says this collection and integration of data leads to complete surveillance and profiling of individuals."Uiquitous surveillance has negative impacts on individual rights and freedoms, such as a chilling effect, discrimination and social sorting.

"Depending on how you judge the severity of loss of individual rights and freedoms, the problem is more or less significant. But what greatly increases this baseline significance is that individuals typically cannot 'opt out' of a smart city because jobs, friends and family are in the city. This means options for individuals to protect their own privacy are very limited."

Wagner admits that fixing these problems isn't easy. "Adding security and privacy protections to smart city tech costs more initially because of more work for developers and may require expertise that developers may not have," she continues. "Cash-poor cities partner with private corporations who promise great features for low cost; but corporate profit motive means they collect (and then sell) more data than needed."

Advertisement - Article continues below

Dr Darren williams, CEO and founder of cyber security firm BlackFog, says cities are looking into many technologies that have wide-ranging implications on data security and privacy. "These include the ability to monitor commuter travel based on smartphone data so cities can plan better and reduce congestion. Needless to say, this would mean cities and governments would know exactly where citizens are going and what they may be doing," he explains.

"Cities are also experimenting with centralised health records. Such information could be used to assist in funding government departments and research into diseases to improve healthcare, fight chronic disease and reduce healthcare costs."

He adds that data collection on this scale would mean wide access for the government and could be open to abuse if not carefully controlled. "How comfortable citizens will be with the prospect of this remains to be seen, and how governments use and store this information will be crucial in protecting the privacy of their citizens."

Open to attack

Data privacy isn't the only potential concern when it comes to smart cities; there's also a very real risk of them being targeted by hackers. In the past, IoT devices have been criticised for poor security, which has led to them being recruited into botnets, used to spy on people in their own homes and as a gateway into businesses.

Advertisement - Article continues below
Advertisement - Article continues below

"Smart cities are inevitable but the introduction of such advanced technologies into the fabric of a city is not without risks," says Kevin Curran, senior member of the IEEE and professor of cyber security at Ulster University. "Relying on a central technological hub to control core infrastructure can allow nefarious hackers to bring a city to its knees more easily than ever before. We have already seen many cities paying large amounts when subjected to ransomware attacks."

Curran says cities need to ensure that when they deploy connected devices they have security policies in place -- such as firewalls, intrusion detection and prevention systems. "They also need to ensure that they cater for the confidentiality of their customers data, this is where encryption plays a core rolem" he adds.

"It's crucial that all devices have strong passwords and it's also good practice to enforce certificate-based authentication, which identifies communicating individuals and authorised devices. Device management agents can also highlight failed access attempts and attempted denial-of-service attacks. All non-IoT devices must also be patched and kept malware free to ensure the safest smart cities."

Advertisement - Article continues below

Just like Curran, NCC Group research director Matt Lewis says smart cities present a high volume of potential attack surfaces that are practically impossible to monitor and police effectively. "This not only increases the risk of these devices being tampered with, but also means it's difficult to detect when this has occurred, especially when the sensors are deployed in public spaces rather than on private servers," he tells IT Pro.

"Ultimately, this could lead to personal information such as an individual's location, biometrics and CCTV images being accessed, manipulated or stolen," Lewis explains, adding that attackers could even potentially gain access to full surveillance capabilities and other systems connected to the network.

Smart city lockdown

As the number of smart cities grows, it will become increasingly important to mitigate these risks. Indeed, there's a strong argument that businesses and authorities involved in the creation and administration of smart cities have a duty of care to ensure privacy by design

Advertisement - Article continues below

According to Phil Beecher, CEO of the Wi-SUN Alliance: "Organisations need to start off on the right foot and make security central to their IoT strategy in order to realise the long-term benefits that IoT and ensure the threat to data privacy is offered at minimal risk."

Given the amount of data collected by smart cities, there are also legal considerations. Georgia Shriane, senior associate solicitor at specialist tech law firm Boyes Turner, says: "The question of smart cities turns on careful use of technology and legislation adapting to cope. Trust in public services and the government will be key ensuring privacy is protected. Data protection will be at the forefront of most people's minds.

"Laws like GDPR were created to cover traditional internet and hard copy use of personal data. They weren't drafted with smart cities in mind. As the technology develops, the amount of imagery and data captured will increase exponentially. This whole area of law will need to be constantly reviewed to ensure we keep pace, maintaining public trust and confidence in the smart cities we live in.

"Data ownership will also be something that needs resolving. The public may accept data being owned by a public body but may have strong reservations if the data remains the property of providers or contractors and enforcement becomes more complex."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020