Building trust in smart cities: A security-first approach

IT network over a smart city
(Image credit: Jamesteohart / Shutterstock)

Smart cities represent a major opportunity for change. From upgrading outdated infrastructure to making our society more sustainable - the possibilities are near endless. The potential cost savings from smart city deployments are also likely to have a huge positive impact, with figures forecast to reach $249bn globally by 2028, up from $96bn in 2023. When it comes to the development of these smart cities, data plays a critical role. Data enables a smart city to optimize resources, improve the quality of life of its inhabitants and create sustainable economic development. All this data needs to be processed and analyzed, often in real time - and this is where artificial intelligence (AI) comes in.

Despite all the promises AI and smart cities can bring, there is hesitation among the businesses and people living in these cities to adopt such technologies because of the potential for data leaks or poisoning. To tackle this, those building smart cities need to work with security experts to ensure water-tight security defenses are built into the foundations from the beginning - only then will smart cities reach their full potential.

Andreea Munteanu

Product Manager at Canonical.

Creating smarter and safer streets

The benefits of smart cities are already being felt by citizens across the globe. In Dublin, an AI system monitors CO2 emissions, weather and noise levels, meaning cleaner air in the city streets, offering city planners data they can use to plan new schools and homes. Elsewhere, in Finland, smart city technology is helping Helsinki cut carbon emissions associated with heating homes, with an aim to become carbon neutral by 2030.

Smart city technology doesn’t just improve day-to-day lives: it helps to reshape the future of cities, ensuring new developments can be planned around how people actually live. City planners are informed by data analytics and AI derived from many sources, allowing city authorities to serve the real needs of their citizens better.

As the technology evolves, AI systems will become ever more central. Smart cities will become 'cognitive cities', where AI systems sense problems, and then act, without needing a human in the loop. There is so much potential for the technology, but it needs fast deployment and any issues to be pinpointed and fixed early on. Open source approaches will be key, helping to accelerate product development, encourage experimentation and enable issues to be rectified before they become problems.

Putting security at the core of AI-enhanced cities

Consumers are growing cautious of how their data is being captured and used to train the AI models that underpin smart cities, and if their privacy is at risk. Once an AI model ingests and is trained on a dataset, there is no way of taking the data back. There is also the risk that it can be sold on to third parties, meaning citizens can be tracked without them realizing it. To ensure the privacy of data and the ethical use of AI models, effective regulation is necessary. While there aren’t yet frameworks in place for this, several countries have begun developing guidelines, such as the UK’s pro-innovation approach. Lastly, organizations can use secure environments to develop the models, with breakthrough capabilities such as confidential computing, strict confinement or data tokenization.

When it comes to the security of smart cities, there are complex hurdles to overcome. A smart city brings together a range of data sources and interconnected devices, creating a much larger attack surface for hackers to exploit. For example, in transportation, self-driving cars, smart traffic lights and sensors on roads are all collecting data that is being fed into the same connected network. A breach could allow a hacker to cause traffic jams, manipulate signals, and even gain access to personal data.

The Department of Culture, Media and Sport (DCMS) has already produced a Code of Practice for consumer-generated IoT products. The guidelines ensure that any company designing IoT products and end-points build ones that feature security by design. While a good starting point, organizations spearheading these smart city projects must do more to get ahead of security threats, especially when integrating new technology with legacy infrastructure.

The principle of least privilege, under which each entity in a network is granted the minimum system authorization and resources needed to perform its function, is crucial. This should be followed by implementing stringent measures such as multi-factor authentication (MFA) for both local and remote accounts and devices. MFA helps to bolster the security of the underlying framework that facilitates entry into networks and systems, especially when accessing highly sensitive data. Incorporating the principles of zero trust network design will also help to establish a heightened level of network security and enhanced visibility into network operations. This approach mandates authentication and authorization for every new connection, employing a multi-layered defense strategy. Finally, using AI to auto-update IoT networks will ensure that each device can monitor its own health and install any security patches or new software from authorized, trusted developers.

Securing tomorrow’s AI-driven cities

The emergence of smart cities promises a more connected and efficient urban future. However, this vision must be built on security and trust. As cities add sensors and data-driven services, they also increase the attack surface for cyber threats and privacy violations. City planners should adopt a security and privacy-first mindset by prioritizing cybersecurity and data privacy from the start, enabling smart cities to become truly intelligent urban environments that improve lives.

We've featured the best secure smartphones.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:

Andreea Munteanu is Product Manager, at Canonical.