Smart cities are set to change our lives in ways we have little chance of predicting. Martin Allen-Smith examines the opportunities and challenges for risk professionals

Most will have seen the news stories about driverless cars and a transportation future in which technology all but removes the element of human error, and with the apparent potential to cut the risk of accidents by up to 90 per cent, according to some estimates. Trials this year have taken place in four UK cities – London, Bristol, Coventry and Milton Keynes – each testing a different version of this car of the future.

This may sound like headline-grabbing stuff, but there is a lot more to this than just another far-fetched vision of the future; it could be said to represent a massive new technological trend that is revolutionising the way our towns and cities will operate in the future. This new reality will have profound implications on the way organisations both private and public sector will operate in years to come.

The term ‘smart cities’ covers a wide range of technological developments affecting a multitude of aspects of city life. Crucially, it means different things to different cities. For some, the priority may be finding ways to relieve pollution or congestion using sensors and data analysis.For others, it is more about making cities greener with bike-sharing schemes or more open spaces.

In some regions, smart city technology has been built into new cities right from the start – Songdo in South Korea has high-tech functions built in to its infrastructure, whilst Masdar in the United Arab Emirates has been created as a model for green thinking in city planning.

Other cities are having ‘smart retro-fits’, with Barcelona, San Francisco and São Paulo often cited as smart city standard bearers; but also smaller cities such as Santander, Spain, which has focused a lot of time and investment on integrating sophisticated sensor systems to improve transport, lighting and waste efficiency.

The UK is keen to be at the forefront of smart city development and, as such, the government ran an initiative in 2014 to help boost progress. The victor was Glasgow, which received £24 million to spend on smart technologies. Around half of the money has been spent on an operations centre filled with screens monitored by the police, traffic authorities and emergency services. It has also upgraded its CCTV system and intends to spend on research into how data can be used to predict crime, as well as systems such as intelligent lighting to help reduce the city’s massive energy bill.

A key facet of this and many other smart city programmes is the element of opening up a range of city data that stakeholders can access via an online dashboard for a wide range of purposes, from reporting crime to identifying and remedying infrastructure problems.

In Bristol, a joint venture between the city council and the University of Bristol is exploring some of the possibilities, and looking at how they could benefit the city. The initiative revolves around a software-defined network which creates a city operating system from which all the other elements can be run.

Paul Wilson, managing director of the Bristol is Open initiative, explains: “There are many Internet of Things[-related] activities happening in towns and cities across the country and it is taking off at an incredible rate. What we have done though is create a management framework for all of the many smart initiatives in Bristol and this is pretty much unique. Without this framework, each of these would be operating in a quite disparate way with lots of incompatible data coming in.”

He adds that by managing it more comprehensively, it is possible to start treating the city as a ‘thing’ in itself. With global city populations rising each year – including within the 28 megacities, which each have populations of over 10 million people – it’s not hard to see why it might make sense to get a handle on safety, efficiency and, ultimately, quality of life. “For example,” Wilson says, “the health service creates a lot of traffic, and yet there is no link or communication with the people who manage transport services. If you began to garner all this at some kind of city level, then you could link transport and health in a way that somehow optimises the whole thing.”

While some of this may seem a tad fantastical, and will be a journey that Wilson says “will no doubt last the rest of our lives”, the foundations are being laid now that will enable us to think and manage at that level in the future.
It is a data-driven future that involves making significant amounts of information available for people and organisations to access and share. And for ordinary citizens, this could herald an age of participation. For example, the Open Data Institute in London even runs challenges inviting people to use open data to come up with solutions for transport, energy or waste management challenges affecting the area in which they live.

Patrick Driscoll, a research fellow at the Danish Centre for Environmental Assessment and who has advised on smart city and cybersecurity initiatives in Denmark and in the US, warns that the resilience of some of these initiatives has to be prioritised – particularly when it comes to the core infrastructure. “Every time you create an access point, you increase vulnerability. This means data security problems, network security problems, considerations over having data and systems in transit, as well as data and systems in storage.”

“A lot of the organisations that may be expected to be at the heart of smart city initiatives – the utility companies handling energy, waste and water for example – are not accustomed to being in the internet threat environment. They don’t know what they’re facing and they don’t really have a good overview of where the potential downsides could come from.”

This scenario of people who are not attuned to the threat environment and without adequate processes to address those threats is a major concern, since, says Driscoll, “it is not a question of if, but when those systems will be compromised. There’s no doubt that they will.”

Sophisticated surveillance malware, or super-malware, could have profound consequences for large scale aggregated data systems or municipal networks. “It may not matter so much to small scale projects,” Driscoll adds, “but when you’re talking about traffic lights, street lighting, or the energy grid itself, you can see why the impact could be significant.”

Barriers to progress

One of the barriers to establishing a strong and resilient smart city development culture could be the lack of willingness to share experiences. This occurs both in terms of guarding the details of breakthroughs and progress on initiatives from other commercial competitors, and also a desire to bury bad news about system or data hacks. Driscoll believes that in this rapidly changing smart city environment where the stakes are so high, there needs to be some form of mandatory reporting requirement for cybercrime in which incidents are shared and tackled.

From a risk management perspective, the serious issues are less to do with driverless cars and fully automated homes, and more to do with network vulnerabilities, the fault tolerances in the systems, and the challenge of integrating lots of data from thousands of sensors.

There are also risks as yet unknown from the social impact of some of the complex data integration that smart cities entail when combined with what could be perceived as a fairly blasé attitude towards regulatory and legal compliance. Linked to the EU ‘right to be forgotten’ ruling is the question of who owns the data generated by sensors and other components of a smart city network. Regulatory backlash is vital to plan for – in Denmark for example, new laws have just been introduced to restrict the use of ‘WiFi sniffers’ put in place within three major cities primarily for the purposes of gathering transport and people movement data. The problem is that, in theory, this data could be triangulated to identify the whereabouts and movement of an individual, potentially infringing the individual’s right to anonymity. Future regulatory restrictions – and civil liberty concerns – need to be factored in right from the start.

It all adds up to a huge opportunity for risk professionals, who need to insert themselves at the earliest stages of smart city initiatives if these projects are going to have the right balance of innovative development and strong resilience.

Irrespective of the precise ways in which our cities of the future may develop, there are strong drivers for change on a large scale. Estimates suggest that 70 per cent of the world’s 9.6 billion people are forecast to live in cities by 2050 (compared to 54 per cent today), making the problems of global urbanisation a major growth industry.

There’s little doubt for anyone involved in a smart city sector that is already worth £16bn that we are now at the embryonic stages of what will be a revolution in technology and urban development, and it is one in which – perhaps for the very first time – there is an opportunity to ensure that sound risk and resilience principles can be embedded right from the beginning.


This article was published in the March 2015 issue of CIR Magazine.

Download in PDF format

Click here for more interviews and analysis

Contact the editor

Share Story: