Although urgent, there is no magic switch to enhance cybersecurity in cities and a multifaceted approach is crucial, says Dario Campovecchi, chief information security officer, Paradox Engineering SA.
As cities become increasingly interconnected through digital technologies, the importance of strong cybersecurity measures and strategies only grows, as urban infrastructures have become prime targets for cyberattacks.
In the US, state and local governments were heavily threatened in 2023, forcing the Biden administration to send out a warning letter to all US governors to raise awareness about hackers specifically targeting public services and essential systems such as water and wastewater networks across the country.
Although urgent, there is no magic switch to enhance cybersecurity in cities. A multifaceted approach is required, focusing on three critical areas: technology, people, and processes.
Selecting and implementing technologies that incorporate security by design principles is the starting point. Security by design ensures that systems follow standards and guidelines that reduce vulnerabilities and risks, increase their resilience and reliability, and enable proactive threat mitigation.
Security by design is not only effective but also cost-efficient: fixing vulnerabilities at the end of the technology development process is much more expensive than addressing them early on.
But cybersecurity is not only about technology. Given that 90 per cent of security breaches stem from inadvertent human error, comprehensive cybersecurity education is needed. City employees are the frontline defenders against cyberthreats, so they must be equipped with actionable knowledge and skills to recognise and respond to potential risks.
Cyber awareness programmes, in-depth training, and regular testing help educate people, share best practices, and teach them how to behave when anomalous events occur.
Finally, cybersecurity must be managed as a cyclic process, as what’s secure today may not be secure tomorrow. Solid procedures and organisational structures should be established. Creating an internal security operations centre (SOC) or relying on an external SOC is a good way to identify weaknesses, manage risks, and prepare the city to respond swiftly to cyber incidents.
Security is no longer an IT issue – it’s a city management issue. A shift in mindset is therefore necessary. Today the internet can be like a battleground and threats are not always immediately visible. Just as cities once built walls for protection, they now need to fortify their digital infrastructure and approach cybersecurity with the same seriousness as they would manage any physical threat to their communities.
Download the Insight Report: Considerations for building a cyber-resilient city, published in association with Paradox Engineering, here.
SmartCitiesWorld and Paradox are holding the panel discussion Building cyber-resilient cities: technology, people, and processes at Smart City Expo World Congress on 6 November 2024. Find out more and register here.