Ron Totton, MD of SEA, BT Global Services looks at how governments should anchor security as a cornerstone of their smart cities roadmap through digital
The global trend towards urbanisation is forcing many cities to rethink how they operate. By 2030, the world is projected to have 41 mega-cities with 10 million inhabitants or more,1 placing increasing pressure on public transportation, hospitals, waste management systems, and power grids.
Smart cities of the future will need to be dynamic and constantly evolve to meet citizen expectations for high quality services and efficient systems, while ensuring sustainability for the future. Singapore is moving towards becoming the world’s first Smart Nation, set to improve the quality of life for individuals and drive business opportunities for enterprises.
In a smart city the proliferation of the Internet of Things (IoT) will improve connectivity between people and things to generate innovation, economic growth and social progress. In fact, research firm IDC predicts that there will be over 28 billion IoT devices installed by 2020.2
However, this rise in connectivity brings new security risks that could leave businesses, citizens and even communities within a smart city open to cyber-attacks, because IoT devices are not designed with security in mind. Any connected device that allows attackers to gain access to city infrastructure, such as the power grid, healthcare system, transport and water supply, is a potential security risk.
The devices typically deployed to run city infrastructure today have been placed on isolated networks to keep them safe. IoT poses a security risk that could leave businesses and consumers open to both digital and physical crimes. For example, smart cities will have smart building information management that can be potentially vulnerable as they allow infrastructure to be controlled remotely. This could lead to nuisance pranks, but it could also result in large-scale attacks.
What can be done to safeguard against potential smart city security risks? Focus needs to be placed on three core areas: preparation, processes and partnerships.
Governments and businesses need to be prepared with advanced security threat protection measures that detect threats, stop attacks to smart city systems before they happen, and proactively address security vulnerabilities.
They also need to consider security implications even at the initial stages of smart city solution conceptualisation and creation, not as a bolt-on after the product or service is launched. In the event of a security breach, governments need to prepare as they would for a natural disaster. They need emergency response teams to address the security incident, coordinate responses and share threat information with other cities.
Key processes and regulations need to be established for smart cities to be truly secure. Governments need to enforce standard security measures across networks, devices and services domains.
A monitoring system is also needed to continuously identify vulnerabilities and assess the evolving threat landscape based on real-time data capture and analysis. This can take the form of an ethical hacking centre or a threat intelligence service. Singapore’s newly set up Cyber Security Agency that oversees cyber security in ten critical sectors is an example of establishing effective processes to bridge potential cyber defence gaps.
A major part of a smart city roadmap involves increased collaboration between the public and private sector to develop smart city solutions. Therefore, it seems logical for governments and enterprises to work together to pool intelligence and share best practices in security.
By partnering with third party security providers, governments can gain access to specialist skills, experience and knowledge of the evolving threat landscape. In addition, collaboration between academia, government and industry will accelerate cyber and physical security research through to commercial application.
At a national level, security resilience needs to move to the forefront of smart city deployments. Special attention needs to be given to strengthening a city’s cyber defences to safeguard personal privacy and national security.
Governments need to ensure smart city solutions are safe to secure these areas, take the time to understand security systems and ensure they work effectively. Investment in preparation, processes and partnerships will be critical to enabling smart cities to withstand potential security risks.
 2014 revision of the World Urbanisation Prospects by United Nations Department of Economic and Social Affairs (DESA)
 IDC: Worldwide and Regional Internet of Things (IoT) 2014–2020 Forecast: A Virtuous Circle of Proven Value and Demand