Importance of Risk Management for Secure Cyber Cities

• May 2023
• Grant Furlane, LocoMobi World

On September 30, 2019 the World Economic Forum published a report stating that cities are easy prey for cyber criminals.

More than three years later this remains true. Especially with more smart technology and the Internet of Things (IoT) being incorporated into city infrastructure and buildings.

Many cities are using artificial intelligence and machine learning for public transport systems like rail and air, traffic management, access to public buildings, and surveillance.

In the process a lot of data is collected, processed and even analyzed ostensibly to make well-informed decisions. In a time when digital attacks, cybercrime, and breaches are on the rise and seem easier to get away with, there needs to be concern about data protection and transparency regarding what people’s data – supposedly for utility purposes – is used for.

Smart cities or cyber cities will by default be connected to a local government system that is more prone to these types of attacks. It is therefore imperative for organizations that are invested in or are providing services and technology within the IoT and cloud computing of cities and buildings to have an element of risk management and mitigation at the core of their work. Governments should have technology management offices to monitor what is going on.

Stephen Meagher who is the Director of Cybersecurity and IOT, Risk Advisory at Deloitte Canada was on the LocoMobi World-sponsored TheSmartCity.Blog podcast to discuss the future of cyber cities. The conversation quickly formed around the security challenges that come with the interconnectivity of communities in cyber cities. 

Stephen said a smart city is a place for everyone. It is not just about businesses and what they can gain, but also about the people living in cities. They need an ambient community.

In order for this to work, every aspect of utility sold or offered to the people has to be based on trust. The organizations providing the technology or the accompanying utility to the people in a city must be ready to answer questions on how they will use the data they are collecting from residents. They have to communicate and be transparent about how the data and analytics will be used. This must be for the right reasons.

People have to feel safe in the utility. According to Stephen, they will engage when they are assured that what is being offered as a great solution for them is safe.

Stephen’s area of expertise is risk advisory and Deloitte is the biggest provider in the world of consultancy advisory on smart cities. They help their clients develop solutions and frameworks to keep people’s data and infrastructure secure.

Talking to podcast co-hosts Alan Cross and LocoMobi World Co-Founder and CEO Grant Furlane, Stephen said smart cities take a long time to take off because the concept is a huge monolithic problem. Any organization that wants to be involved in that type of infrastructure has to have a clear vision of what they want the city to be for the people in it. 

“There should be a single vision of how to make the world better as a whole and evolve within technology. Not technology for the sake of it, but based on what you intend to achieve,” said Stephen.

This requires risk management. In Stephen’s words, it is not about the technology itself but the access to it. Where is it going?

He said emerging technologies like IoT, artificial intelligence and blockchain are now converging. There should be concerted risk advisory efforts on these being applied in the right environment, at the right time, for the right client. 

Organizations building smart cities have to be fully engaged from day one for the sake of security. There has to be an element of security by design from start to finish for smart cities or cyber cities.

All processes and elements involving smart technology should have policies and procedures that protect the organizations and their clients or customers. There should also be a clear picture of how all these can evolve as time goes by. This is because using artificial intelligence or even quantum computing to develop smart cities has huge opportunities as well as risks. When data breaches or security lapses occur, focusing on the risks as much, or even more, than the opportunities will help you build trust with people in the future. The purpose of collection and use of biometric information—especially face-recognition technology that can be used for surveillance—must be clearly determined during a risk advisory process if its collection and use cannot be clearly identified.

The role of risk management and advisory is to put new technology into context and advise on the best way to move forward with it, according to Stephen. The IoT can do so many good things but it can also be a weapon if it falls in the wrong hands.

Stephen said cybercrime is becoming more of a challenge for nation states, especially in smart city infrastructure like oil and gas, and rail systems that are high risks because of the harm that can be caused if the technology is compromised. It is therefore crucial for governments to have technology management offices to monitor what is going on.

The risk will always exist, which is why user experience is so crucial for building trust. Trust is earned through direct communication with users. They should be able to know as quickly as possible why their data is being collected, the utility purpose it serves, what happens if their data is used for different purposes, and how secure their data is even after a security breach.

Stephen said organizations should build secure smart cities that people can get into with full confidence that their data is only used for intended purposes.

According to him cyber cities or smart cities are not purely technological businesses and to succeed the must have:

• Vision
• Communication
• Leadership 
• Trust