{"id":4951,"date":"2025-09-19T07:00:00","date_gmt":"2025-09-19T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4951"},"modified":"2025-09-19T07:00:00","modified_gmt":"2025-09-19T07:00:00","slug":"cybersecurity-in-smart-cities-under-scrutiny","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4951","title":{"rendered":"Cybersecurity in smart cities under scrutiny"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Improved connectivity and the increase in connected devices are directly impacting the\u00a0popularization of\u00a0smart cities<\/a>. Local governments are promoting projects that integrate new smart technologies to benefit citizen services, both independently and in collaboration with other levels of government or entities.<\/p>\n

A recent United Nations study<\/a>\u00a0presents a global overview of the adoption of these tools, with 69% of municipalities worldwide having a strategic agenda in this regard. But\u00a0as the number of connected devices grows, so too does the attack surface: It is estimated that around 83,000 sensors were deployed in 2024.<\/p>\n

There are already many real-world examples of how\u00a0networked sensors can be a gateway for cyberattackers. In 2017,\u00a0Dallas\u2019s tornado alarm system was hacked<\/a>, causing all its alarms to sound at once. That same year, shortly before Donald Trump\u2019s first inauguration,\u00a070% of Washington, DC\u2019s video surveillance system was blocked<\/a>\u00a0by\u00a0ransomware. <\/em>In 2021, the concentration of a chemical component in\u00a0a water treatment plant in Florida<\/a>\u00a0was altered. Urban transportation is another sensitive area, with examples such as the 2023 cyberattack\u00a0on the transport management system of the Polish city of Olsztyn<\/a>, known as one of the leading smart cities, which caused traffic jams or made it impossible to buy tickets for city transportation.<\/p>\n

The possibilities for attack on civic services only increase as more devices become integrated: environmental measurement systems, irrigation systems, waste management systems, and gas and electricity management systems in public buildings, for example.<\/p>\n

The complexity of smart city risks<\/h2>\n

For\u00a0Enrique Dom\u00ednguez, head of CyberPhysical Security at Accenture in Spain and Portugal, \u201csmart cities introduce unprecedented complexity in terms of cybersecurity due to the hyperconnectivity of their critical systems \u2026 and the multiplicity of actors involved in their operation.\u201d<\/p>\n

As a result, the entire perimeter\u00a0must be secured, as these are public services and the breach of a single device can lead to a chain reaction that impacts the entire city.<\/p>\n

The scenario becomes more complicated when considering the disparate generations of equipment that are often combined in smart systems, many of which are obsolete or on the way to becoming so.<\/p>\n

\u201cThese types of sensors are a gateway to corporate networks,\u201d emphasizes\u00a0Carlos de la Cuesta, head of the public sector at the digital solutions company Zebra Technologies in Spain. Whereas new technology leaves the factory with protection mechanisms, there are still many\u00a0legacy\u00a0devices in city networks that are quite vulnerable, he says. \u201cThey allow access to things that, although they may seem irrelevant at first, can become a problem.\u201d<\/p>\n

De la Cuesta mentions the case of an artist who became famous in 2020 for\u00a0\u201chacking\u201d Google Maps<\/a>: The artist carried 99 smartphones with the location system turned on in a cart, which the navigator detected as just as many vehicles and, therefore, warned of traffic jams in areas that were actually empty.<\/p>\n

\u201cThat\u2019s why it\u2019s important that everything is controlled and secure, that it\u2019s as inaccessible as possible, because\u00a0100% complete security, as we all know, doesn\u2019t exist,\u201d de la Cuesta says. \u201cThere will always be a point where it declines, but it\u2019s about putting up as many obstacles as possible and making them as difficult as possible to access.\u201d<\/p>\n

\n

Enrique Dom\u00ednguez, Accenture<\/p>\n

Accenture. En la imagen, Enrique Dom\u00ednguez.<\/p>\n<\/div>\n

Rosa D\u00edaz Moles, director of public sector at S2GRUPO, also\u00a0highlights smart cities\u2019 complexity and their resulting cybersecurity issues.<\/p>\n

The digital transformation of public services involves \u201can accelerated convergence between IT and OT systems, as well as the massive incorporation of connected IoT devices,\u201d she explains, which gives rise to challenges such as an expanding attack surface or the coexistence of obsolete infrastructure with modern ones, in addition to a lack of visibility and control over devices deployed by multiple providers.<\/p>\n

She also warns of multiple cases where there is no security architecture adapted to the new urban model, as well as a lack of maturity in the deployment of these infrastructures and their limited real-time detection and response capacity.<\/p>\n

\u201cAccording to the European Cyber \u200b\u200bSecurity Organisation, 86% of European local governments with IoT deployments have suffered some security breach\u00a0related to these devices,\u201d she says.<\/p>\n

Accenture\u2019s Dom\u00ednguez adds that the challenge is to consider \u201cthe fragmentation of responsibilities between administrations, concessionaires, and third parties, which complicates cybersecurity governance and requires advanced coordination models.\u201d<\/p>\n

De la Cuesta also emphasizes the siloed nature of project development, which significantly hinders the development of an active cybersecurity strategy.<\/p>\n

Spanish smart cities address the cyber challenge<\/h2>\n

Here in Spain, some cities\u2019 projects have earned them notoriety as international smart city pioneers. In the 2025\u00a0Smart City Index<\/a>, conducted by the IMD World Competitiveness Center, four Spanish cities are among the 146 leading smart cities in the world: Bilbao (29th place), Madrid (38th), Zaragoza (52nd), and Barcelona (92nd). Smart cities are revealed as one of Red.es\u2019 development priorities in its\u00a0financial report for the first half of 2025<\/a>, with initiatives such as the Data Space for Smart Urban Infrastructures (EDINT) and the agreement with the Spanish Network of Smart Cities of the Spanish Federation of Municipalities and Provinces to promote this model.<\/p>\n

\n

Zebra. En la imagen, Carlos de la Cuesta.<\/p>\n<\/div>\n

\u201cI have to give a lance to our public servants, because they do a lot with a little,\u201d says Zebra Technologies\u2019 de la Cuesta. \u201cObviously, there are mistakes and sometimes we have to backtrack, but things are being done quite well.\u201d<\/p>\n

In the integration of new tools, despite Spain holding a leading position in areas such as 5G, \u201ctechnology moves much faster than the government\u2019s ability to react,\u201d he says.<\/p>\n

\u201cIt\u2019s not like a private company, which has a certain agility to make investments,\u201d he explains. \u201cPublic administration is much slower. Budgets are different. Administrative procedures are extremely long. From the moment a project is first discussed until it is actually executed, many years pass.\u201d<\/p>\n

In his experience, security requirements demanded of suppliers by the government are increasingly stringent, and in line with the minimum standards set by organizations such as the National Cryptologic Center.<\/p>\n

Accenture\u2019s Dom\u00ednguez agrees. \u201cSpain has made significant progress in recent years in the protection of critical urban infrastructure, thanks to the regulatory push resulting from the transposition of the NIS Directive and the National Security Scheme (ENS), as well as growing institutional awareness.\u201d<\/p>\n

According to Dom\u00ednguez, Madrid, Barcelona, \u200b\u200bValencia, and Malaga have \u201cstructured cyber protection initiatives that integrate OT security, network segmentation, real-time monitoring, and coordinated incident response.\u00a0However, the level of protection remains uneven and, in many cases, reactive.\u201d<\/p>\n

He identifies two main challenges municipal CISOs face: a lack of specialized resources at the municipal level and a dependence on technology providers \u201cwho do not always integrate cybersecurity from the design phase.\u201d<\/p>\n

\n

Rosa D\u00edaz Moles, S2GRUPO<\/p>\n

S2Grupo. En la imagen, Rosa D\u00edaz Moles.<\/p>\n<\/div>\n

Comprehensive security planning is needed<\/h2>\n

S2GRUPO\u2019s D\u00edaz says her company has worked on a number of projects that underscore the kinds of vulnerabilities that can be found in\u00a0smart cities. For example, the company has undertaken cybersecurity assessments of smart street lighting systems in several municipalities \u201cwhere the possibility of causing widespread shutdowns through cyberattacks was identified, with the consequent impact on citizen security,\u201d she says.<\/p>\n

They also have analyzed urban traffic control systems in another European city, detecting that it was possible to alter traffic light cycles.<\/p>\n

\u201cThese cases demonstrate how a security breach can have direct physical consequences and reinforce the urgent need to invest in the cyber protection of connected urban infrastructures,\u201d she says.<\/p>\n

\u201cSome large capitals are making progress in urban cybersecurity strategies, but most medium-sized and small municipalities have structural deficiencies,\u201d she says, including deployments without a comprehensive plan, as well as unencrypted or un-updated devices.<\/p>\n

\u201cCybersecurity can no longer be limited to the administrative IT environment,\u201d she says. \u201cIt must incorporate the protection of distributed systems, connected physical assets, and intelligent platforms.\u201d<\/p>\n

For D\u00edaz, zero-trust architectures, network segmentation, advanced detection, and urban cyber intelligence are some of the key components in this new scenario. Because all the advantages of IoT applied to cities can become major problems if they are not provided with adequate protection.<\/p>\n

This is a translation of an article that originally appeared in Computerworld Espa\u00f1a<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Improved connectivity and the increase in connected devices are directly impacting the\u00a0popularization of\u00a0smart cities. Local governments are promoting projects that integrate new smart technologies to benefit citizen services, both independently and in collaboration with other levels of government or entities. A recent United Nations study\u00a0presents a global overview of the adoption of these tools, with […]<\/p>\n","protected":false},"author":0,"featured_media":4952,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4951","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4951"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4951"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4951\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4952"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}