ukncsa.orgNational Cyber Security Association

UKNCSA Articles

Is the Emergence of Smart Cities Seeding Expensive Problems?

Is the Emergence of Smart Cities Seeding Expensive Problems? We are seeing an ever increasing use of Internet connected devices being used in building management systems (BMS). While the use of IoT devices improves building management efficiency and reduces energy use by optimising operations, the security of these devices is still a low priority.

The industry expects that more that 30 billion devices will be installed by 2025, the estimates vary widely though, mainly because of 5G being able to carry so much bandwidth that the effect on the global market is still a huge unknown. Then there are other networks being developed such as NB-IOT (Narrowband IOT), LoRa, and Sigfox, all low-power, wide-area network (LPWAN) technologies. Whatever the numbers turn out to be, a large proportion will be deployed to automate buildings and other urban infrastructure, in other words: “Smart Cities”.


There is currently a convergence taking place of IT and operations technology (OT) with industrial control systems (ICS) which include supervisory control and data acquisition (SCADA) systems and of course, building management systems (BMS). This convergence and merging of technologies will be used to vastly improve the operation and capabilities of city infrastructure leading to potentially very high savings in energy and resources. Not only savings in energy but there is also a high potential for increased comfort and health, clearly enormous benefits could be available to society and the individual. However, we have to realise, that at the same time, this means that the cyber attack surface is also growing, spreading out at the same, exponential rate.

The Seeds with Repercussions

So unless cyber security is taken seriously now, in the near future there will be hundreds of ways to disrupt city life. Many of these systems may contain information about individuals – so the protection and privacy of personal information must be considered. Clearly, more than just minor disruption could occur, there is the risk of serious injuries and threat to life if the power grid, self driving cars, hospitals, and building lifts could be attacked by a criminal sitting in their home several thousand miles away.

It is clear, very clear, is it not, that if we allow billions of insecure devices to be integrated into smart cities just because they are cheap and convenient now, we will be sowing seeds with very expensive repercussions. And these repercussions will be upon us very quickly. The IoT devices which are currently deployed in the UK medical field are already frightening. Medical equipment with insecure wifi internet access or USB update ports which can easily be compromised. There are some major players, credible solutions providers, which do provide very stringent end-to-end security right through to IoT devices and sensors. It is these companies which will hopefully lead the way.

The Need for Accountability

We can not expect the manufacturers to lead the way in securing their devices. Presently the main driving forces are cost and convenience. Security will only be important if it becomes clear that supplying insecure devices is considered legally and socially negligent. If that is established, then those who are designing, specifying and procuring devices for smart cities will be held accountable for the security aspects and repercussions.

Here in the UK and around the world, cities are getting more connected, new urban areas are being designed as smart city centres. There is a huge potential for both beneficial outcomes and increased cyber disruption. Governments need to introduce guidelines and encourage higher standards to prevent the proliferation of insecure IoT infrastructure and ensure we make the right choices.

Author: David R. Bird.
MSc Cyber Security, CISSP.
Contact: Please use the form below.

In order to get the Weekly Cyber Bulletin and news of the
new articles in your email ... Sign up for free membership.



First Name: 
Last Name:
Email Address:

A confirmation email will be sent to this address

Company Name:

Membership Type:

Your Requirements:

How many flags do you see in the image above? 

Obviously, we need to communicate with you about your membership; to advise you of changes and improvements to the services. Tick to approve.
YES, send me the UKNCSA Weekly Bulletin.

UKNCSA™ is the National Cyber Security Association™ for the UK.
UKNCSA is administered by UKNCSA Ltd (a non-profit organisation).
Company Reg.11995004
Reg Office. 101 Avondale Road, London N153SR.
Sharing helps our association.