The unusual nature of cyber security threat facing cities and strategies to mitigate them

Dr Nicholas Allott talks through cyber security gaps that cities face at the International Conference on Evolving Cities 2022. Evaluating access, ownership and data flow, and the importance of mapping and auditing systems. A SmartCity is a highly connected ensemble of critical national infrastructure elements. This represents a huge potential for efficiencies and improved citizen.

Cover for The unusual nature of cyber security threat facing cities and strategies to mitigate them

Dr Nicholas Allott talks through cyber security gaps that cities face at the International Conference on Evolving Cities 2022. Evaluating access, ownership and data flow, and the importance of mapping and auditing systems.

A SmartCity is a highly connected ensemble of critical national infrastructure elements. This represents a huge potential for efficiencies and improved citizen services but at the same time a security threat of significant and growing proportions. SmartCities present certain distinct challenges that differentiate them from other critical infrastructures, namely the highly distributed and fragmented nature of the physical assets and processes that comprise this emerging SmartCity concept.

Nick explains typical problems SmartCities encounter, and methods in which to mitigate the risks.

Typical cyber security problems to consider

  • Smart cities are attractive attack targets

Critical national infrastructure which is heavily interconnected.

  • Weakest link in smart cities is “cheap IoT sensors” which are operationally connected to management systems

Outsourced PCB development and embedded code

  • Who supplied the wireless unit?

  • Who supplied the hardware?

  • Complexity of securing an evolving and interconnected system.

  • Who’s problem is it?

Who owns what assets?

  • Who is responsible for what (installation / operation)?

  • Who owns the data?

  • Who owns the API?

  • Can the system be connected?

  • Why are we working with them?

  • Culture & Skills

What cyber security processors are in place?

  • Do you have a chief information security officer?

What can be done about it?

  • Produce an inventory and audit of what you have got and work out what you should know.

Sensors

  • Databases

  • Workflows

  • Embed least privileged concept systematically across the organisation.

What is the MINIMUM amount of information that I need?

  • Zero trust

When it comes to security, check and continuously validate everything.

View Nick’s talk here:

Related Sectors

Volt4 — the verifiable trust fabric. Secure · Sovereign · AI-native.

100% UK founder-owned. No foreign parent, no foreign capital, no US platform dependency — and cryptographically provable.

Copyright 2026 NquiringMinds. All Rights Reserved