How do Cyber-Risks Vary Across Smart City Technologies?

Smart city technologies present opportunities for local governments, while also exposing them to new risks. While privacy threats and algorithmic biases have received significant attention within urban studies, cybersecurity has received far less. Our study examines systematic variation across smart city technologies in cyber-risks. We administered a survey to cybersecurity experts in which they ranked the vulnerabilities, threats, and consequences of potential cyberattacks for nine different smart city technologies. Analysis using a Markov-based approach indicates that cyber-risks vary greatly across technologies. Notably, technologies that are more vulnerable in technological terms are also viewed as most likely to be impactful if an attack were to occur, and most likely to be targeted by nation-states. Case studies of emergency or security alerts and smart water meters—ranked as most risky and less risky respectively—underscore and help explain this variation, while also highlighting that local governments vary in their ability to vet vendors, and that cyber-protections are typically subordinated to other concerns in procurement decisions. Our study illustrates the utility of disaggregating the concept of the “smart city,” and the analytic utility of comparisons across technologies rather than geographic units and provides a useful framework for local government decision-making.