Smart Cities and Cyber Security: Are We There Yet? A Comparative Study on the Role of Standards, Third Party Risk Management and Security Ownership

Smart cities have brought a variety of benefits aiming to revolutionise people’s lives. Those include but are not limited to, increasing economic e ciency, reducing cost and decreasing environmental output. However, the smart city itself is still in its infancy. As it heavily relies on technologies, it opens up doors to cyber attackers and criminals, which can lead to significant losses. An outstanding problem concerns the social and organisational aspects of smart cities security resulting from competing interests of di event parties, high levels of interdependence, and social and political complexity. Our review shows that current standards and guidelines have not clearly defined roles and responsibilities of di erent parties. A common understanding of key security requirements is not shared between di erent parties. This research assessed the smart cities and their cyber security measures, with a particular focus on technical standards and the regulatory framework. It comprehensively reviewed 93 security standards and guidance. It then performed a comparative case study of Barcelona, Singapore and London smart cities on their governance models, security measures, technical standards and third party management. Based on the review and the case study, this research concluded on a recommended framework encompassing technical standards, governance input, regulatory framework and compliance assurance to ensure that security is observed at all layers of the smart cities.