Skip to main content

How to keep
smart cities safe



Any time you connect devices to a network, there are privacy concerns. And that becomes ten-fold with smart cities. Critical infrastructure combined with emerging technologies, like virtualization and sensor networks, improve services and help municipalities run more efficiently for their citizens.  

This might include systems to manage and improve the flow of traffic, waste collection, lighting conditions, parking, security and more. In Nanjing, China, there are sensors in taxis, buses and private cars. The sensors send data back to the Nanjing Information Centre where experts analyze it to create new routes to prevent congestion, save money, and improve traffic flow for commuters. In Los Angeles, 4,500 miles of streetlights are switching to smart LED bulbs that are brighter, more energy-efficient and connected, so low bulbs can be flagged and fixed preemptively.  

Smart transportation uses sensors to manage traffic or control lights to optimize wait times for drivers and pedestrians.  

Smart city projects can include everything from smart energy that uses hydrogen or solar heating, to smart meters that use radio transmitters to send readings to a network. Smart transportation uses sensors to manage traffic or control lights to optimize wait times for drivers and pedestrians. Smart cities can also provide real-time parking lot status updates, facilitate ride-sharing and automate trains.  

Smart evacuation systems can find the quickest and safest routes. Air quality checks and advisories let citizens know when it’s safe to go outside. Sensors in trash cans can activate a compactor when garbage reaches a preset level. That’s all just the tip of the iceberg.

Who owns the data collected?


All of these sensors and infrastructure must collect tons of data to perform their desired tasks. But consider who owns that data. It depends on the city, the type of data, and what is laid out in the service-level agreement (SLA) between the municipality and the vendors involved.  

There are three key stakeholders to consider:  

  1. The cities that provide access to their urban spaces and run the municipal services
  2. The private sector companies that supply the infrastructure and algorithms that collect and analyze the data
  3. The citizens who generate this data as they go about their daily activities.  

Typically, governments own data that is generated from the activities and services they provide. But as private sector companies get involved, SLAs could stipulate that they own the data that their equipment or digital algorithms collect.  

It’s unclear yet if such data might end up in the hands of third-party advertisers for uses beyond improving how a city operates.

How do you protect personal data?


Regardless of the type of smart implementations within a city, the goal is to help improve the lives of its citizens. This will require not only approaching smart cities with privacy as the top priority but also putting proper security protocols in place to fend off hackers and misuse of data.  

In its Securing Smart Cities research paper, TrendMicro outlined several security considerations:  

  • Quality inspections and penetration testing are critical to pinpoint security issues or maintenance concerns and tests should be run regularly.
  • When devising SLAs, prioritize security criteria, including anonymizing data, clearly stating who owns it and how it should be used.
  • Ensure that vendors have 24/7 response teams and are aware of the penalties for non-compliance.
  • Have a municipal computer emergency response team (CERT) or computer security incident response team (CSIRT) that can perform countermeasures when needed.
  • Security updates should be performed immediately and consistently once available, encrypted, and digitally signed to verify their authenticity.
  • Have procedures in place for how to handle the infrastructure that becomes obsolete or nears the end of its lifecycle.
  • Public communications channels should be encrypted, authenticated, regulated and protected against eavesdropping, interception and modification through the use of authentication tokens, session keys, biometrics, and/or two-factor authentication.  

While citizens can benefit greatly from a smart city, they should not be inconvenienced should it malfunction.

Bottom line


Smart cities represent the future and have the potential to benefit citizens, businesses and cities. But they must be handled with care and have the necessary precautions and contingencies in place.

Nefarious individuals and groups can, and will try to access any type of digital network and sensor. When that network is tied to traffic lights, transportation systems and smart meters versus a single home, the damage they could do is tremendous. With the proper protocols in place and a focus on using the data for its intended purposes only, smart cities can remain one step ahead.