The city of the future needs smart, secure and resilient infrastructure solutions

The city of the future needs smart, secure and resilient infrastructure solutions

According to the United Nations, the world population will reach almost 8.5 billion by 2030. As populations grow, so do cities. Even now more than half of the world’s inhabitants live in urban areas, and more than one million move from the country to the city every week.

This trend places enormous demands on people and infrastructures. Because only when communication, energy, safety, security and mobility of goods and people function seamlessly, can cities offer their citizens quality of life and a flourishing economy. For city planners, the answer to these challenges is the “smart city.” The foundation are uniform standards for intelligent, secure and resilient infrastructure solutions.

 The current process of urbanisation is reflected not only in housing shortages and sky-rocketing rents. European cities, in particular, were built based on 19th-century principles, and the individual supply systems are often viewed in isolation. The exploding population is rapidly driving cities to their limits with respect to energy supply, security, digital communication, transportation and traffic. The concept of the smart city provides one answer. Its primary mission is to distribute existing resources efficiently. Networking individual supply systems through technical solutions should enable cities to respond dynamically to temporary demands, thus preserving their functionality.

Megacities as security bottlenecks

Urban space is especially vulnerable. Accidents, natural disasters or terrorist attacks and the resulting supply bottlenecks are even more severe in the face of dense populations, large numbers of people and an often overburdened transportation infrastructure. In addition, there is a clear correlation between the size of a city and its crime rate. 80 percent of recorded crimes occur in cities that account for a total of 50 percent of the world’s population. While that may be normal for tightly-packed urban areas, countermeasures are still needed to protect life and property as elementary freedoms and values.

The World Bank has estimated that, depending on the country, the total cost of crime can be as much as 25 percent of the gross domestic product (GDP). According to the European Commission, even the comparatively safe European Union spends at least five percent of its gross domestic product on costs resulting from crime and natural disasters. Such events have considerable consequences, not only for the persons directly affected but also for the community as a whole. Global value-creation chains and the war for talent pit not only economy against economy, but city against city. If city planners fail to guarantee safety, security, and supply, investors look elsewhere and highly qualified workers move to where they can expect the highest quality of life. To keep pace with global competition, cities have a vital interest in meeting these challenges.

The exploding population is rapidly driving cities to their limits with respect to energy supply, security, digital communication, transportation and traffic

Smart city: the unknown entity

The concept of the smart city promises to improve the quality of public and private services through digital technologies. At the same time, the city’s costs and consumption of resources drop, which in turn raises the well-being of all. Seen in that light, every city, no matter how small or large, wants to be “smart.” But what does that really mean? What criteria need to be met? Among the most pressing issues large cities face are the constant rise in traffic, energy use and emissions, the security and safety of the population, a reliable high-speed network, and finally, how to finance it all.

In spite of everything, however, there is no consistent definition of what a smart city really is. Different companies and business media have named initial indices. But those indices are as different as night and day, and hence inadequate in order to compare individual locations and their “smart city” qualities with any transparency. That would require uniform key performance indicators (KPIs).

What the various indices do share, however, is the lack of a KPI for the degree of protection, security and resilience of a city. But a city that is not safe and secure cannot be smart. So the smart city approach must be seen more holistically. Comparable and transparent benchmarks must be created while at the same time taking into account elementary safety and security standards.

Uniform standards are needed

Investors and experts need transparent key performance indicators to be able to assess smart cities, although the cities themselves and other stakeholders, e.g., city administration, police, fire department and civil defence, also rely on standards. Only then will it be possible to make systematic progress. Initials results are already in evidence. The Focus Group on Smart Sustainable Cities of the International Telecommunication Union (ITU), a special UN organisation, offers technical reports and specifications, such as in the areas of cyber security and data protection. In addition, a number of different KPIs have been defined to help rank smart cities in areas such as telecommunications. The ITU defines smart cities as follows: “A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects.”

A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, while ensuring that it meets the needs of present and future generations

Likewise at the international level, the International Standards Organisation (ISO) has defined in ISO standard 37120 a total of 100 indicators for measuring city services and quality of life. 11 of them revolve around safety and security. This includes indicators that target security, fire safety and crisis management as well as water, energy and transportation. That makes ISO 37120 the only standard with KPIs appropriate for measuring the degree of security and safety in cities on a comparative basis. Approximately 250 cities in 80 countries are participating in the introduction of this standard, including London, Shanghai, Toronto and Rotterdam. To this end, they report metrics like the number of deaths due to fire per 100,000 inhabitants and the response time of the police and fire departments after the initial call. This makes it possible to indicate transparently and verifiably just how safe a city really is.

The fact that ISO 37120 includes diverse safety and security indicators is no accident. Siemens security systems specialists actively contributed to the development of the standard in the relevant work groups. This led to the development of measurable and meaningful security standards.

Safety and security as the foundation of the smart city

The city of the future needs smart, secure and resilient infrastructure solutions. Smart city efforts that concentrate solely on smart energy use don’t go far enough. Until now, safety, security and resilience have often been viewed as convenient side effects that need no separate planning. But quite the opposite is true. An urban community can only function properly if normal life can resume as quickly as possible after an incident, such as a major fire or terrorist attack. Ideally, however, such incidents should be prevented in the first place.

This requires intelligent linking of individual subsystems and taking advantage of the resulting benefits. Interoperable systems offer safety, security and stability for critical infrastructures such as airports and data centres. One essential component is the physical security of infrastructures and IT networks. Even the most sophisticated firewalls are of little use if the door to the server room lacks a reliable access control system.

Protecting a city’s “virtual backbone”

Cities house not only important economic and intellectual resources such as universities, public buildings, offices and production facilities, but also transportation networks and critical infrastructures. In light of the ever increasing role of IT in providing urban services, the protection of this “virtual backbone” is becoming more and more critical.

In most cases, safeguarding critical infrastructures does not require reinventing the wheel. From security solutions in data centres and video surveillance to intelligent crowd evacuation, the security industry already has countless solutions in place. The task is to logically embed these solutions in a “smart city” context. This requires integrating a variety of systems – communication, automatic alarm, information and video surveillance systems – into a central command and control platform to ensure comprehensive and consistent incident response. Therein lies the heart of a smart, safe city.

The city of the future needs smart, secure and resilient infrastructure solutions. Smart city efforts that concentrate solely on smart energy use don’t go far enough

Implementing these security standards requires engaging all the stakeholders – from community administrations to NGOs and standards committees – in order to create policies that not only motivate their implementation but also set transparent international standards. ISO 37120 and the technical reports and specifications of the ITU are a good place to start. Weak points and possible countermeasures need to be defined and costs calculated. At the same time, we should not lose sight of the fact that the resilience of cities tends to be greatly overestimated and that in the end, technology is not the solution for everything. Committed citizens and efficient intervention forces are and will remain crucial for the security and safety of a city.

Safety and security matter in global competition

Cities have a fundamental self-interest in transparent and comparable smart city structures because safe and secure urban environments are especially attractive in the global competition for real and human capital. Often, even cities that see themselves as smart don’t adequately address the issue of safety and security. Therefore, one of the main responsibilities of politics is to identify the appropriate stakeholders and share in the development of solutions. This process requires defining clear safety and security standards for smart cities as well as providing or creating the means and incentives for their implementation.

The smart city concept will revolutionise urban life much like the industrial revolution did. To shape this revolution successfully and for the good of all, it is absolutely essential to create the proper foundation from the start. Safety and security must not be left until the end of the process.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

Author profile

In case you missed it

Managing security during unprecedented times of home working
Managing security during unprecedented times of home working

Companies are following government guidance and getting as many people as possible working from home. Some companies will have resisted home working in the past, but I’m certain that the sceptics will find that people can be productive with the right tools no matter where they are. A temporary solution will become permanent. But getting it right means managing risk. Access is king In a typical office with an on-premise data centre, the IT department has complete control over network access, internal networks, data, and applications. The remote worker, on the other hand, is mobile. He or she can work from anywhere using a VPN. Until just recently this will have been from somewhere like a local coffee shop, possibly using a wireless network to access the company network and essential applications. CV-19 means that huge numbers of people are getting access to the same desktop and files, and collaborative communication toolsBut as we know, CV-19 means that huge numbers of people are getting access to the same desktop and files, applications and collaborative communication tools that they do on a regular basis from the office or on the train. Indeed, the new generation of video conferencing technologies come very close to providing an “almost there” feeling. Hackers lie in wait Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical servers. Less than a month ago, we emerged from a period of chaos. For months hackers had been exploiting a vulnerability in VPN products from Pulse Secure, Fortinet, Palo Alto Networks, and Citrix. Patches were provided by vendors, and either companies applied the patch or withdrew remote access. As a result, the problem of attacks died back.  But as companies race to get people working from home, they must ensure special care is taken to ensure the patches are done before switching VPNs on. That’s because remote desktop protocol (RDP) has been for the most part of 2019, and continues to be, the most important attack vector for ransomware. Managing a ransomware attack on top of everything else would certainly give you sleepless nights. As companies race to get people working from home, they must ensure special care is taken to ensure the patches are done before switching VPNs on Hackers are waiting for a wrong move amongst the panic, and they will look for ways to compromise critical serversExposing new services makes them also susceptible to denial of service attacks. Such attacks create large volumes of fake traffic to saturate the available capacity of the internet connection. They can also be used to attack the intricacies of the VPN protocol. A flow as little as 1Mbps can perturbate the VPN service and knock it offline. CIOs, therefore, need to acknowledge that introducing or extending home working broadens the attack surface. So now more than ever it’s vital to adapt risk models. You can’t roll out new services with an emphasis on access and usability and not consider security. You simply won’t survive otherwise. Social engineering Aside from securing VPNs, what else should CIO and CTOs be doing to ensure security? The first thing to do is to look at employee behaviour, starting with passwords. It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposed. Best practice would be to get all employees to reset their passwords as they connect remotely and force them to choose a new password that complies with strong password complexity guidelines.  As we know, people have a habit of reusing their passwords for one or more online services – services that might have fallen victim to a breach. Hackers will happily It’s highly recommended that strong password hygiene or some form of multi-factor authentication (MFA) is imposedleverage these breaches because it is such easy and rich pickings. Secondly, the inherent fear of the virus makes for perfect conditions for hackers. Sadly, a lot of phishing campaigns are already luring people in with the promise of important or breaking information on COVID-19. In the UK alone, coronavirus scams cost victims over £800,000 in February 2020. A staggering number that can only go up. That’s why CIOs need to remind everyone in the company of the risks of clickbait and comment spamming - the most popular and obvious bot techniques for infiltrating a network. Notorious hacking attempts And as any security specialist will tell you, some people have no ethics and will exploit the horrendous repercussions of CV-19. In January we saw just how unscrupulous hackers are when they started leveraging public fear of the virus to spread the notorious Emotet malware. Emotet, first detected in 2014, is a banking trojan that primarily spreads through ‘malspam’ and attempts to sneak into computers to steal sensitive and private information. In addition, in early February the Maze ransomware crippled more than 230 workstations of the New Jersey Medical Diagnostics Lab and when they refused to pay, the vicious attackers leaked 9.5GB or research data in an attempt to force negotiations. And in March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHO and healthcare organisations in general since the pandemic broke. We’ll see lots more opportunist attacks like this in the coming months.   More speed less haste In March, an elite hacking group tried to breach the World Health Organization (WHO). It was just one of the many attempts on WHOFinally, we also have bots to contend with. We’ve yet to see reports of fake news content generated by machines, but we know there’s a high probability it will happen. Spambots are already creating pharmaceutical spam campaigns thriving on the buying behaviour of people in times of fear from infection. Using comment spamming – where comments are tactically placed in the comments following an update or news story - the bots take advantage of the popularity of the Google search term ‘Coronavirus’ to increase the visibility and ranking of sites and products in search results. There is clearly much for CIOs to think about, but it is possible to secure a network by applying some well thought through tactics. I believe it comes down to having a ‘more speed, less haste’ approach to rolling out, scaling up and integrating technologies for home working, but above all, it should be mixed with an employee education programme. As in reality, great technology and a coherent security strategy will never work if it is undermined by the poor practices of employees.

How does audio enhance security system performance?
How does audio enhance security system performance?

Video is widely embraced as an essential element of physical security systems. However, surveillance footage is often recorded without sound, even though many cameras are capable of capturing audio as well as video. Beyond the capabilities of cameras, there is a range of other audio products on the market that can improve system performance and/or expand capabilities (e.g., gunshot detection.) We asked this week’s Expert Panel Roundtable: How does audio enhance the performance of security and/or video systems? 

How have standards changed the security market?
How have standards changed the security market?

A standard is a document that establishes uniform engineering or technical criteria, methods, processes, and/or practices. Standards surround every aspect of our business. For example, the physical security marketplace is impacted by industry standards, national and international standards, quality standards, building codes and even environmental standards, to name just a few. We asked this week’s Expert Panel Roundtable: How have standards changed the security market as we know it?