As cities get smarter, so do they become more attractive to hackers and cyber-attackers. With so much personal and private date flowing through the system, how do we ensure the cities of the future are also secure ones?

With urban populations expanding, some cities are struggling to cope under the strain, as out-of-date and defunct infrastructures buckle under the weight of a modernised, and fast-growing society.

According to reports, 92.2% of the UK population is expected to live in cities by 2030.

As city populations increase, so too does the need to efficiently and suitably manage them to provide a safe, secure and prosperous environment for all. That’s where smart cities come in.

The base of any smart city consists of a network of multi-connected sensors, reporting and recording mountains of data as a picture of everyday life in the city. This data can be used to reshape and remodel processes and assets and supply chains, and improve and enhance the overall network and efficiency processes that run a city. This network of sensors is called the Internet of Things (IoT).

With a plethora of personal and private data being collected and analysed across the network, so does it become a more attractive prospect to hackers and cyber-attackers looking to capitalise on such integral and important infrastructure and data streams.

Ensuring these networks are secure and robust is going to be vital to the perceived success of any smart city. Pitfalls or holes in the network could lead to potentially damaging, or even life-threatening situations. Ensuring people’s data is safe is likely to be integral to generating any form of trust or public backing towards a smart city project.

Enhancing smart city security

This means putting security and privacy at the top of the priority list.

So, what can be done to limit the chance of a security breach and buff up a network’s resistance to attack?

The Department of Culture, Media and Sport (DCMS) have already produced a Code of Practice for consumer-generated IoT products. These guidelines have been put in place to ensure that any company designing IoT products and end-points build ones that feature security by design. Further to this, the European Parliament has also backed a voluntary cybersecurity certification framework, one that will be certified by the EU Agency for Network Information Security.

There are a few things that can be implemented to improve the security of an IoT network. However, it isn’t as simple as installing anti-virus software. Anti-virus can’t be installed on any current end-point device. Further, standard firewalls don’t often work because of the nature of the mobile connection and range of devices that connect to an overall digital network.

Biometrics for smart city security 

One approach could be to implement biometric authentication processes for all cloud and end-point access. A solution such as this would mean that only those granted permissions would be able to affect changes upon the network, and even then login would only be granted via fingerprint data. 

Access to sensitive systems and public personal data would then at least have the buffer of select biometric login, which although not foolproof, certainly enhances the overall safety and exclusivity of the network.

Regular auto-updates for smart city security 

The issue with many current IoT networks is that updates are a manual task, and naturally, many users forget to run said updates. This can lead to critical holes and issues within the network that open the door to cyber-attacks. In a large-scale city-wide IoT network it would obviously be near-impossible to manually update each device.

Building in auto-updates would ensure that each device monitors its own health and auto-install any security patches or new software from authorised, trusted developers. 

Compartmentalisation for smart city security 

The compartmentalisation of end-points ensures that each device can remain autonomous within the network, even as it is connected to the wide digital infrastructure. Isolating particular end-points can stop the spread of viruses or limit the moveability of a hacker within the network if a particular device is identified as the point of entry. 

Multi-layered protection and authentication 

Building in security by design can ensure that a smart city network is best placed to withstand any attempted breach or cyber-attack. Ensuring that the overall network and each device therein, or at least the ones owned and controlled by the authority, deploy a multi-layered protection system can make it a more daunting and less appealing hack task for any would-be intruders. Though not foolproof, multi-layered authentication can at least act as a deterrent, and is an overall improvement on basic one-step network logins.