Smart cities promise efficiency, sustainability, and convenience, but they’re only as resilient as their weakest node.
The smart city surface: What’s vulnerable?
Smart grids & energy infrastructure
A recent Techradar study revealed 46 vulnerabilities across three major solar inverter manufacturers, ranging from outdated firmware to insecure APIs. These flaws could let attackers disrupt energy production, manipulate grids, or steal data.
Public Wi‑Fi & municipal networks
In 2024, 27% of UK businesses operating in smart and interconnected buildings reported cyber-attacks in the past year, a jump from 16% Public-facing networks like Wi‑Fi remain prime targets.
IoT‑based traffic systems
Global IoT deployments hit 17.2 billion devices in 2025, a roughly 12% increase from 2024. But over half of IoT devices still carry medium-to-high severity vulnerabilities. When traffic lights, sensors, and cameras go online, any of these can become backdoors.
AI in urban infrastructure: Boon or Blind spot?
- AI is automating core city functions, used in predictive policing, traffic flow, energy optimization, and public service delivery.
- A Stanford-linked analysis of nearly 100 million U.S. traffic stops confirms racial bias in data-driven policing: black drivers were about 20 percent more likely to be stopped than white drivers relative to their share of the residential population.
Cities need
- Bias audits
- Model explainability standards
- Human-in-the-loop oversight
The Cybersecurity talent gap
- The global cybersecurity workforce is short by 4.8M professionals.
- Public sector roles are hardest to fill due to slower hiring and lower pay.
- Almost 60% of respondents agreed that their organization’s skills gaps significantly undermined security, with 58% saying those gaps pose significant risk
India talent gap
Over 1.5 lakh roles remain unfilled in government and state-level cyber posts.
Solutions
- Upskilling programs
- University-city cybersecurity fellowships
- Contracted Managed SOC services
Rising tide of attacks
- IoT cyberattacks surged 400% year-over-year in manufacturing alone, equating to around 6,000 device-level attacks weekly.
- Forescout’s 2025 report shows average device risk across countries jumped 33% (from 6.53 to 9.1) between 2024 and 2025.
- Over 1.3 billion wide-area smart-city connections were in use by 2024, about half utilizing lightweight LPWA protocols that lack robust security.
Weak links, big consequences
In a smart city, systems are interconnected. A single compromised IoT sensor can cascade across platforms, affecting public safety, traffic flow, and emergency response systems. Add in vulnerabilities at energy nodes, and you have a recipe for disruption at scale.
Building better cyber hygiene
To safeguard our cities, here’s a multi-layered approach
- Automate firmware updates
With 60% of IoT breaches tied to outdated firmware, regular updates are non-negotiable. - Network segmentation
Isolate IoT and public networks from critical infrastructure to limit lateral attacks. - Device inventory & vulnerability scanning
Knowing what’s connected and how exposed each device is and can reduce attack surfaces. - Adopt security standards
Frameworks like NIST’s IoT Cybersecurity Framework and EU’s Cyber Resilience Act push manufacturers toward secure-by-default devices. - Secure communications
Encrypt public Wi‑Fi and mandate multi‑factor authentication for admin access. - Emergency incident reporting
Systems like Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in the US aim to give authorities early warning on infrastructure incidents.
Smart cities offer massive potential but they expand attack surfaces too. With threats rising (400% IoT attack growth, 33% device risk jump) and billions of connected nodes out there, cyber-hygiene is essential. Patch early, segment smartly, monitor constantly.
References
- Millions of solar power systems could be at risk of cyber attacks after researchers find flurry of vulnerabilities
- More than 25% of UK businesses hit by cyber-attack in last year, report finds
- (PDF) THE INTERNET OF THINGS IN 2025: TRENDS, BUSINESS MODELS, AND FUTURE DIRECTIONS FOR A CONNECTED WORLD
- IoT Cybersecurity Trends | Digi International
- Forescout’s 2025 report reveals surge in device vulnerabilities across IT, IoT, OT, and IoMT – Industrial Cyber
- Lack of cybersecurity investments in smart cities will result in IoT vulnerabilities
- IoT Security Risks: Stats and Trends to Know in 2025
- Cyber Resilience Act – Wikipedia
- Internet of Things (IoT) in Power Strategic Intelligence Report 2025 | Market to Exceed $1.8 Trillion by 2028
- Stanford Open Policing Project analyzed data from nearly 100 million traffic stops in the US | Journalism Program
- Growth of Cybersecurity Workforce Slows in 2024 as Economic Uncertainty Persists
- Cyber Security in India: Trends, Challenges, and Growth Opportunities for 2025 – My Framer Site
- 2024 ISC2 Cybersecurity Workforce Study
