Skip to main content
Smart Cities

The smarter the city, the scarier the cyber risk

As cities collect more data, cybersecurity is becoming more important than ever before.
article cover

Jaczhou/Getty Images

4 min read

Smart cities collect a massive amount of data. These tech-savvy cities, and the companies they partner with, are collecting data on traffic flow, waste management, utilities, and, in some cities, faces.

The immense amount of data a city can collect—upward of 2500 petabytes per day from surveillance cameras alone in 2019—and store in data centers is wide-ranging. Seattle, for instance, collects info on everything from driver’s licenses to trade-union membership. And with more data and more data centers, cities are at an increased risk of cyberattack, whether in the form of data breaches, ransomware, or malware attacks.

In this new digital landscape, industry experts said it’s incumbent on municipal governments to manage the data they collect and to protect it from bad actors.

“The data that's collected dictates the sensitivity,” Scott Rubin, adjunct lecturer in cybersecurity risk management and the applied intelligence program at Georgetown University’s School of Continuing Studies, told Emerging Tech Brew. “If the smart city just wants to know foot traffic, data impact is pretty low.”

Rubin added that the biggest risk for residents of a smart city stems from the potential leaking of personal identifiable information, or PII, which could include anything from names, phone numbers, Social Security numbers, addresses, and bank accounts.

If a city keeps that type of data and it gets compromised, that can be devastating to cities.

The amount of data that can be generated by IoT devices is staggering. A 2021 estimate from the International Data Corporation projected there would be 55.7 billion IoT devices generating almost 80 zettabytes (ZB) of data by 2025.

New York State invested over $60 million in February to establish a Brooklyn-based cybersecurity joint-operations center to service the cities of New York, Albany, Syracuse, Buffalo, Rochester, and Yonkers. In Seattle, the city’s digital security and risk budget jumped from $5.3 million in 2020 to $8.4 million in 2021, although it decreased the budget to $7.5 million for this year.

Rubin said that cities have the ability to insulate themselves from potentially damaging cyberattacks by first identifying the data they might need to collect from citizens and then getting rid of the data that doesn’t fit that criteria.

Keep up with the innovative tech transforming business

Tech Brew keeps business leaders up-to-date on the latest innovations, automation advances, policy shifts, and more, so they can make informed decisions about tech.

“When you want to know phone numbers, IP addresses, you want to know the last place they visited on their browser or their last physical geolocation from their phone, you’re now getting into the life of that person. And your responsibility to protect [that data] is through the roof,” Rubin said.

There are multiple examples of cities from Greenville, NC, to Atlanta, GA, to Matanuska-Susitna Borough in Alaska, suffering cyberattacks that crippled services and impacted the population.

In Atlanta, a 2018 ransomware attack targeted the city’s computer system, causing it to shut down its municipal courts, which, in turn, prevented residents from paying water bills and traffic tickets. The city declined to confirm that it paid the $51,000 in Bitcoin ransom and, in the aftermath, poured over $2.7 million into “a stable of security consultants and crisis communications experts,” according to the Atlanta Journal-Constitution.

For smart cities, the traffic systems that are made up of sensors and cameras could be targeted, potentially damaging transportation across the city, according to David Keppler, senior principal cybersecurity engineer at The Mitre Corporation.

Keppler told Emerging Tech Brew that while cities can’t fully protect themselves from every manner of cyberattack, they can focus their efforts on resilience, shoring up their systems and readiness in the event of an attack, so they are able to operate through it, ensuring that as little data as possible is affected.

“It’s making sure that if people are relying on the services, they’re going to continue working correctly and safely. It’s doing everything possible to design the systems so it can meet that objective, which is subtly different than just trying to make sure that all your patches are up to date and all of the vulnerabilities you know about are fixed,” Keppler said.

Keep up with the innovative tech transforming business

Tech Brew keeps business leaders up-to-date on the latest innovations, automation advances, policy shifts, and more, so they can make informed decisions about tech.