7 minute read 3 Oct 2021


Computer programmer working late on his high tech computer systems

How can governments safeguard smart cities against cybersecurity threats?

By Samer Omar

EY MENA GPS Consulting Cyber Competency Leader

A passionate cybersecurity enthusiast who enjoys solving complex problems, traveling to new locations and sports.

7 minute read 3 Oct 2021

Show resources

As smart cities move toward rapid digitalization, focusing on disruptive technologies to develop an advanced IT and system infrastructure, the potential risk of cyber attacks
increases with it.

In brief
  • Cities with Inhabitants over 10 million people will increase from 33 in 2018 to a projected 43 in 2030 with a rise to 2.1 billion residents over the age of 60 by 2050.
  • Smart cities are extensively utilizing new technologies such as artificial intelligence (AI), biotechnology, machine learning, big data, quantum computing and 5G to offer smart services to residents, which in turn has substantially improved their lifestyle and well-being.
  • The rush to implement disruptive technologies and innovate systems and operations opens smart cities to multiple attack surfaces and vulnerabilities across the city ecosystem; exposing themselves to a growing number of security risks.
  • In such a scenario, a Security by Design approach is essential to safeguard smart cities and prevent cyber attacks. Security by Design is a new approach to cybersecurity that builds in risk thinking from the onset, enabling global innovation with confidence.

As the number of city residents continues to increase, the demand for rapid expansion and digitalization of urban areas into smart cities has further increased. By 2050, approximately 70% of the world’s population is expected to live in cities. This expansion requires technological and sustainable improvements to balance the social, economic and environmental impacts of these migrations.

The EY Security by Design report covers the challenges, risks and potential solutions for governments to safeguard smart cities from threats and attacks. Although different challenges require differing approaches to the implementation of a digitally enabled ecosystem, the three core considerations during transformation are population risk awareness, effective processes and adoption of disruptive technologies.

The report covers five main topics essential for cybersecurity in smart cities and identifies trends for governments to prepare for including infrastructural improvements, digitalization, population increases, complimentary regulations and agile response teams, and operating models. The five topics are discussed in detail in the EY Security by Design report (pdf):

  1. Disruptive technologies
  2. Security challenges and solutions
  3. Cybersecurity trends
  4. Cyber threat landscape
  5. Government considerations

These components help governments to stay ahead of cybercrime and that they are able to innovate, prioritize and understand the risk landscape and opportunities for security control. These critical areas also ensure that smart cities are initially designed and built with a Security by Design concept in mind.

(Chapter breaker)

Chapter 1

Disruptive technologies at work

Developing intelligent infrastructure through gathered insights

Governments have harnessed disruptive technologies to improve decision making and enhance efficiency while reducing challenges. The primary benefits include the development of intelligent infrastructure through gathered insights. There are three primary technologies impacting smart cities:

  • Internet of things (IoT) and sensors: These sensor based technologies gather data which is analyzed for transformative digital implementations. The increased cloud computing usage has led to an increased number of entry points for cyber attackers. Governments must consider data protection politics, defense approaches and security solutions to mitigate risk.

  • Connected cars: Automotive suppliers face challenges with respect to protections for connected and autonomous vehicles due to lack of regulations. A Security by Design approach would require standardizations and minimum security requirements for manufacturers to implement.

  • Smart meter and smart grid: These predictive technologies collect large amounts of data through partnerships and need to be protected. Detective, preventative and reformative measures need to be integrated alongside government regulatory frameworks, policies and procedures to help to digitally transform the power infrastructures.
(Chapter breaker)

Chapter 2

Security challenges and solutions

Exploring innovative strategies to make up for outdated technologies

To ensure sustainable development of smart cities and overcome the challenges of antiquated infrastructure during the rapid urbanization, cities must rethink their innovative strategies to counterbalance outdated technologies.

Estimated cities


Will have between 5 and 10 million inhabitants by 2030.

Eight core security challenges have been identified for the consideration of cities across Africa and the Middle Eastern regions:

  1. Insecure hardware: a lack of testing and standardization has let to vulnerabilities to cyber attacks and signal failures.

  2. Linking vision with strategy and policy: a misalignment between strategies, policies and regulations and the vision for smart cities.

  3. Multiple implementation programs: numerous initiatives running in parallel leads to the prioritization of solving logistical challenges and a lack of attention on security vulnerabilities.

  4. Larger attack surface: an increased number of potential entry points for hackers due to the large number of individual devices connected to the network.

  5. Inadequate funding and finance: cities often compensate for reduced budgets by decreasing cybersecurity budgets in favor of large-scale technology investments.

  6. Lack of standardized security architecture: a lack of standardization and communication between city systems and security controls.

  7. Operational Technology (OT) infrastructure security controls: an OT infrastructure that is administered by a generic IT infrastructure.

  8. Deployment of disruptive technologies: a lack of practicality and cost-benefit analysis in adopting disruptive technologies.

Governments need to take an active role in the urbanization and transformation of cities and embed a Security by Design approach into their smart city transformation and technology implementations to reduce the risk of cyber attacks.

They must also establish responsible committees, security initiatives and a multifaceted defense-in-depth approach to protect connected devices while taking note of the potential challenges. In order to develop sustainably, governments must also factor in costs and security architecture design to account for rapid urbanization.

(Chapter breaker)

Chapter 3

Cybersecurity trends

Knowing the trends to stay one step ahead

EY researchers identified thirteen trends that may pose a challenge to the infrastructure of a smart city:

  • IT infrastructure improvement
  • Rise of megacities
  • Demographic shift
  • Technology implementations
  • IoT
  • Carbon removal solutions
  • Cybersecurity expertise
  • Harmonization
  • Crown jewel identification
  • Cybersecurity program refresh
  • Computer emergency response
  • Laws and regulations
  • Agile operating model

The most staggering trend is the discrepancy between cybersecurity implementation and smart city digital adoption. According to the IMD Smart City Index Report 2020, security is not considered a priority for top-ranking smart cities, an initiative that should otherwise be inseparable from smart city developments.

(Chapter breaker)

Chapter 4

Cyber threat landscape

Understanding the entirety of potential and identified cyberthreats

Almost half of corporate boards believe that cyber attacks will harm their business over the next 12 months. In order for smart cities to develop their cybersecurity, they must first understand the threat and risk landscape.

WGS graphic 01

Governments and authorities must consider the types of threats and potential impacts of the attacks and proactively assess and account for cybersecurity safeguards. The EY report identifies three categories of cyber attacks on governments.

WGS graphic 02
(Chapter breaker)

Chapter 5

Key considerations for governments

Toward safer and sustainable new infrastructures

As new technologies are adopted and smart cities utilize more interconnected systems with single data consolidations, new procedures and regulations are required to ensure the safety and sustainability of new infrastructures.

Governments must account for seven key considerations to maintain a resilient smart city:

  1. Interaction and collaboration: the relationship between cybersecurity and other teams and lines of business
  2. Big data and predictive analytics: considering big data management and the application of security controls to information databases and repositories
  3. Testing environment: mandating the usage of testbeds across all critical infrastructures and new technology systems
  4. Security Architecture: creating standards for architecture based on infrastructure networks, data collection, IT platforms, city structure and service offers
  5. Zero trust and micro segmentation: security procedures to authenticate users and segmentations between cities to mitigate threats
  6. Physical security: Implementation of security cameras in conjunction with AI technology
  7. Public-private partnerships: Government support by the private sector to mitigate the challenges of rapid urbanization


Today, it has become imperative that governments across the world analyze the importance of having an impenetrable cybersecurity system in place, and disseminate cyber awareness to the masses, to thwart any possible attacks. Staying one step ahead of cybercriminals is the need of the hour, as the world stands battered by the COVID-19 pandemic and is forced to rely on the virtual connectivity across all fields and sectors. The governments need to prioritize assets, understand the risk landscape and implement enhanced levels of security control to better manage and mitigate the forthcoming risks.

About this article

By Samer Omar

EY MENA GPS Consulting Cyber Competency Leader

A passionate cybersecurity enthusiast who enjoys solving complex problems, traveling to new locations and sports.