Do Smart Cities have Smart Security?

For over two decades, the rapidly growing urbanization, demographic trends and climate change are driving the transformation of our cities to smart digital cities. Smart cities combine their human capital with leading-edge ICT technologies in order to boost their sustainable economic growth and to improve the quality of life of their citizens. Nevertheless, the rise of smart cities introduces additional security vulnerabilities, which add up to pre-existing security challenges. For example, the increased digitization of modern cities adds cyber-security vulnerabilities that can be exploited by adversaries in order to attack the critical infrastructures and the social structures of modern cities. Such attacks can have tremendous socio-economic consequences, including a disruptive impact on the functioning of the city and life-threating implications for the citizens. Furthermore, in an era of rising urbanization, cities are confronted with more complex, asymmetric and unpredictable attacks, which usually compromise both cyber and physical assets. This is evident in some recent notorious security incidents in modern cities.

Security Incidents in Cities

During the first decade of our millennium, several notorious security incidents and terrorist attacks have manifested that modern cities remain vulnerable to terrorists and criminals. These included for instance, the collapse of New York’s Twin Towers on 11th September 2001, the bombing of packed commuter trains in Madrid on 11th March 2004, the London bombings in July 2005 and the bombing of the Moscow metro in March 2010. In response to these attacks, cities have established sophisticated surveillance infrastructures, along with data driven systems that generate a Common Operational Picture (COP) of the city operations and enable advanced threat intelligence. More recently, a number of more unpredictable, asymmetric, integrated and more distributed attacks have occurred, a prominent example being the attacks in Paris in November in 2015, when gunmen and suicide bombers hit a concert hall, a major stadium, restaurants and bars, almost simultaneously – and left 130 people dead and hundreds wounded. The Paris attacks introduced also an entire new dimension of urban security and safety, namely the exploitation of digital infrastructure for launching the attacks. Indeed, in the scope of the Paris attacks, social media were used for radicalizing young individuals and for supporting the execution of the attack. Furthermore, as cities become smarter and more digital, the importance of cybersecurity increases, as evident in recent attacks against smart cities’ infrastructures. For example, in March 2018, a cyberattack on poorly secured public computer systems in the smart city of Atlanta had a long-term disruptive effect on some of the city’s functions and led to a total recovery cost of over $10 million. As cities become digitally mature and smart, their vulnerability to cyber security attacks increases.

Emerging Challenges

In this context, state of the art security and surveillance infrastructures for smart cities fall short when it comes to preventing and confronting novel, asymmetric, decentralized and highly unpredictable attacks or complex civil protection incidents. State-of-the-art security platforms tend to consider cyber and physical security in isolation rather than as part of an integrated approach. This fragmentation of security platforms becomes very challenging when it comes to protecting multiple decentralized spaces and infrastructures (e.g., malls, theaters, exhibition centers, buildings, energy plants, factories) within a city. Each of these spaces is typically supported by a different set of security and surveillance systems, which are not interoperable with each other. Likewise, different security and safety stakeholders such as first responders, municipal authorities, critical infrastructures operators, cybersecurity officers, and Law Enforcement Agencies (LEAs), tend to operate a variety of different systems that are non-interoperable as well. Therefore, there is no easy way for these stakeholders to share information and to collaborate both before and during the occurrence of largescale asymmetric security events, when they must mobilize resources and collaborate with each other.

In order to effectively protect several public spaces of a city at the same time,  there is a need for deploying a very large number of security resources including humans (e.g., security officers) and systems (e.g., security probes), as a means of collecting and processing large numbers of surveillance data streams like streams from cameras, CCTV (Closed Circuit TV) systems  and other sensing and surveillance platforms. As the number of public spaces that must be simultaneously protected grows, this approach can become very costly and impractical.

The Future of Smart Cities Security

In light of these challenges, future systems for security smart cities must be characterized by the following properties:

• Integrated Cyber and Physical Security Functionalities: Smart cities are based on the deployment of various digital technologies and therefore the urban cyberinfrastructure in an integral and important part of a city’s functioning. Hence, an integrated security and protection approach that combines cyber and physical security functionalities in a single security center is required. Integrated security platforms are more effective than trying to correlate fragmented inputs from individual cybersecurity and physical security platforms.
• Seamless Information Sharing Across Stakeholders for their Effective Collaboration: In order to confront asymmetric and unpredictable incidents, there is a need for ensuring the effective collaboration of multiple security stakeholders such as first responders, critical infrastructures’ operators, municipal authorities, cybersecurity officers and more. This collaboration asks for seamless information sharing among stakeholders and their security systems, along with a need for implementing collaborative security functions like collaborative risk assessment, collaborative security monitoring and implementation of joint security policies.
• End-to-End Interoperable Urban Security: Modern attacks can go against multiple assets and spaces at the same time. It is therefore essential to orchestrate and coordinate not only human resources, but also security functions offered by different platforms at various physical locations of the city. This orchestration provides a foundation for the timely exchange of information between platforms and the subsequent implementation of the collaborative security functionalities.
• Predictive Security Features for Early Preparedness of Security Teams: The asymmetric and unpredictable nature of recent security incidents, calls for intelligent approaches that boost the early preparedness of security stakeholders. In this direction, leading-edge data processing techniques (including Artificial Intelligence (AI) algorithms) can facilitate the extraction of predictive indicators that enable security and counterterrorism organizations to anticipate risks as a means of mitigating them in a timely fashion.
• Increased Security Automation towards Cost Efficiency: The deployment of human security officers in different places of a city is a necessary but not sufficient measure to combat complex security attacks. This is because, the number of available patrolling officers and guards falls short when it comes to protecting areas that extend in the entire urban environment, especially in the case of medium and large-sized smart cities. Hence, there is a need for higher automation and intelligence in surveillance tasks, which could alleviate the need for deploying human patrols in all areas, while at the same time ensuring that human attention is brought to appropriate events. Emerging AI technologies and smart objects (e.g., drones, autonomous guided vehicle, mobile robots, smart wearables, security analytics) can provide very high degrees of automation and intelligence in surveillance tasks.
• New Regulatory Environments that facilitate Stakeholders’ Collaboration and the Use of Automation and AI Technologies: The deployment of AI-driven security in smart cities should be performed in a way that respects citizens’ freedom and privacy, while being compliant to regulatory mandates (e.g., like the General Data Protection Regulation (GDPR) in Europe. Intelligent, automated and collaborative security functionalities require new policy-making and regulatory developments that specify the scope of automated and collaborative operations, along with their compliance to existing and emerging regulations.

Overall, contemporary ICT technologies create significant challenges for urban security, yet they also offer opportunities for creating novel, intelligent and cost-effective security environments that make cities more secure at a cost of some reasonable investments in ICT technologies. This can prepare cities for confronting the recent wave of complex, asymmetric and unpredictable security attacks.