Dr Nicholas Allott talks through cyber security gaps that cities face at the International Conference on Evolving Cities 2022. Evaluating access, ownership and data flow, and the importance of mapping and auditing systems.

A SmartCity is a highly connected ensemble of critical national infrastructure elements. This represents a huge potential for efficiencies and improved citizen services but at the same time a security threat of significant and growing proportions. SmartCities present certain distinct challenges that differentiate them from other critical infrastructures, namely the highly distributed and fragmented nature of the physical assets and processes that comprise this emerging SmartCity concept.


Nick explains typical problems SmartCities encounter, and methods in which to mitigate the risks.

Typical cyber security problems to consider

  • Smart cities are attractive attack targets
    • Critical national infrastructure which is heavily interconnected.
  • Weakest link in smart cities is “cheap IoT sensors” which are operationally connected to management systems
    • Outsourced PCB development and embedded code
    • Who supplied the wireless unit?
    • Who supplied the hardware?
  • Complexity of securing an evolving and interconnected system.
  • Who’s problem is it?
    • Who owns what assets?
    • Who is responsible for what (installation / operation)?
    • Who owns the data?
    • Who owns the API?
    • Can the system be connected?
    • Why are we working with them?
  • Culture & Skills
    • What cyber security processors are in place?
    • Do you have a chief information security officer?

What can be done about it?

  • Produce an inventory and audit of what you have got and work out what you should know.
    • Sensors
    • Databases
    • Workflows
  • Embed least privileged concept systematically across the organisation.
    • What is the MINIMUM amount of information that I need?
  • Zero trust
    • When it comes to security, check and continuously validate everything.


View Nick’s talk here: