There’s at least one place on every inhabited continent on Earth that claims to be ‘the city that never sleeps’. But in the new digital paradigm, that is likely to take on a much more literal meaning. Whether their populations sleep or not, the cities of the next decade will be perpetually watching, thinking, regulating their internal mechanisms and adapting.
In other words, and I want you to take this literally, they’ll start to behave like a living organism, complete with an immutable instinct for self-preservation and protection of its inhabitants. In the face of a maelstrom of threats to its functionality, infrastructure and people, the sentient cities of the future will need to come prepared with a suite of tailored, automated defenses.
The urban 5G networks and other advancements in self-learning technologies of sentient cities will open up a whole ecosystem of new markets and technology applications. They will also create a potentially incomprehensible volume of data during the management of its hyperconnected infrastructure:
- Utilities infrastructure (such as electrical grids, water, gas, sewage, garbage and even the 5G network itself) will continuously self-regulate, monitoring personal and enterprise consumption to inform distribution, and to plan for peak times.
- Smart traffic lights and road signs will monitor GPS data, mechanizing the flow of autonomous vehicles and public transport through the streets. Vehicles themselves will communicate with each other, sharing data to help their passengers avoid traffic and reduce the risk of accidents.
- Bridges, motorways and rail tracks will measure traffic loading to inform maintenance schedules and repair work, even adjusting their surfaces to compensate for weather conditions.
- Underground stations, and perhaps the mag-lev stations of the future, will collect individual commuter data to enforce ticket payments, increase throughput at rush hour, and even regulate the ventilation of oxygen and cool air through the busier stations.
- And every building will monitor their occupancy, adjusting heating and lighting, monitoring for faults and potential failures, interacting with people and their personal devices.
I find myself wondering — how do we secure this data, especially in the era of the ’open universe’, with data made freely available in what one might call a system of data anarchy? And perhaps more importantly — what about the transitional period? How do we ensure that security spearheads the move to smart city infrastructure, instead of playing catch up and leaving vulnerabilities open for decades to come?
It’s easy to lay out the best practice principles. For instance, embedding encryption in every component of the infrastructure would be a good start. Ensuring we can patch and update devices as new attacks become known. Championing minimization of access to data and even anonymizing data at the point of collection. But all these classical approaches may neither be sufficient nor efficient. In the era of automation, can we go further and enforce zero trust, as well as ensuring monitoring of system operation under the uncompromised governance of an intelligent algorithm?
But beyond the technical security measures, there are more fundamental ethical issues around the collection of data, the privacy expectations of the citizens of the smart city, and the rights of the city authorities to act to protect the greater good while stopping short of creating a surveillance state.
Securing data is only one part of building public trust — the risks of such infrastructure being compromised go beyond this. Hyperconnected infrastructure can create real physical consequences from a cyber incident in the virtual world. Hacking an investment platform may cost peoples’ livelihoods, but hacking an automated public transport system could cost peoples’ lives. A physical incident, deliberately induced or otherwise, can bring an urban economy to a standstill out of fear. Would you want to get in your autonomous car if someone hacked a highway the previous day? Would you drink water from your taps, if the news told you someone might have hacked the city’s filtration system? I don’t know.
The sobering reality for those charged with safeguarding sentient cities is that cyber attacks on physical infrastructure are the worst of both worlds — they have virtual origins, but physical results. While heightening visible police presence or adding security checkpoints can help restore confidence after a physical attack, how do we achieve the same effect after a cyber attack and restore that feel of public confidence and safety?
The obvious implications are that the technology provided by private and public sector contractors needs to be robust with regulators driving significant improvements in security governance throughout the supplier ecosystems, including those providing the 5G infrastructure itself. We have building controls for the physical fabric of our buildings, and we need design principles for effective and ongoing protection and monitoring of this new age virtual infrastructure too. The advancements in self-learning and self-healing systems may enable us to build a much more reliable and secure infrastructure.
As we look to the longer term, will our cities also look out for criminal activities not just in their streets, but in their digital highways, with AI systems acting to protect citizens and actively disrupt the activities of organized crime groups? Police, fire, ambulance and now digital responders.
The executives of private sector providers will work in partnership with regulators and nation-state resilience planners to practice continuity and response plans, and share intelligence among whole industries to ward off threats. And in preparation for those attacks that are truly unavoidable, regulators and private sector partners may need to run public education campaigns and classroom safety drills that help the general populous cope with attacks.
Sentient cities will serve as an engine of prosperity and efficiency, but they also pose potential risks to public health, national security and the environment. Considering cyber security upfront is a must, and we should aim for our new smart cities to be secure-by-design not by afterthought. We should also be open to finding novel approaches to managing the security and resilience of these cities, the privacy of the data flowing through it and the psychological assurance of their inhabitants. Simply automating our existing approaches will not be enough, and we should look for new approaches which allow our cities to heal themselves embedding resilience from the start.
Time will tell how our sentient cities go on to defend themselves; in the meantime, we need to set our expectations of what good looks like and bring it to life. Let’s create an environment, which our citizens can trust to protect their livelihoods and their privacy, and helps them sleep soundly at night.