Public-private partnerships (PPPs) are becoming increasingly common in the smart cities sector as more responsibilities for critical infrastructure are shared between government agencies and private companies. When it comes to cybersecurity, PPPs allow for expertise, resources, and capabilities from both the public and private sectors to be leveraged to better protect smart city systems and data from growing cyber threats. Here are some key examples of PPPs that have emerged for smart city cybersecurity:
One major example is Singapore’s Smart Nation Cybersecurity Collaboration Programme. Through this program, the Cyber Security Agency of Singapore partners with over 30 technology companies like Cisco, Thales, and DXC Technology to co-develop solutions, conduct joint testing and training, and share threat intelligence. The goal is to foster a collaborative ecosystem to strengthen the cyber defenses of Singapore’s smart nation initiatives. Some specific projects under this program include developing an IoT security certification framework and establishing an AI and cyber range lab for testing new technologies.
In Europe, the city of Barcelona has engaged in a long-term PPP with Telefonica to develop and run its smart city command center and operations. Part of this partnership involves jointly managing Barcelona’s cyber risk, with Telefonica providing security services and monitoring for the city’s IT and IoT infrastructure. They conduct regular vulnerability assessments, patch management, malware detection and response. Some of the data shared between the city and Telefonica is also anonymized and analyzed to help strengthen future security measures for smart city systems.
In the U.S., a number of state and local governments have initiated smart city PPPs focused on cybersecurity. For example, the state of Rhode Island has partnered with Johnson Controls, Dell Technologies and other tech firms via the Rhode Island FastFund program to deploy smart city technologies like connected street lights. These companies provide ongoing security services and incident response capabilities to the state as the programs expand. Meanwhile in Columbus, Ohio the extensive smart city testbed known as Smart Columbus has engaged with Qualcomm to implement mobile-first security solutions and edge computing architectures integrated with the city’s operations technology systems.
On a broader scale, organizations like the non-profit CyberSecurity Coalition in Los Angeles facilitate collaboration between the public sector, private enterprises, and academia to enhance protection of critical infrastructure across the region. Key initiatives have included conducting emergency response exercises that replicate data breaches or cyberattacks against smart city utilities. Coalition members work together to identify vulnerabilities, simulate incidents, and improve coordination of recovery efforts between different stakeholders.
In the transportation sector, public transit agencies have signed deals with security giants like Cisco to deploy next-generation network and endpoint security across rail, bus and autonomous vehicle fleets. Widespread deployment of WiFi, ticketing, SCADA and other smart mobility technologies have increased cyber risk profiles, driving a need for scalable managed security services delivered through PPPs. For example, the Metropolitan Transportation Authority in New York partnered with BT to fortify security controls for IT, operational technology and passenger facing systems used across the subway, commuter rail and bus network serving millions daily.
On a city level, both Boston and Atlanta have pursued comprehensive smart city PPPs with Accenture that entail applying cybersecurity best practices and governance frameworks across all stages of new IoT project deployment. Services include security architecture design, access management, encryption, monitoring for anomalies, incident response procedures, vulnerability management and employee training. These engagements recognize that robust security must be “baked in” from initial planning of smart city systems rather than an afterthought.
Looking ahead, more PPPs are sure to emerge that take cybersecurity collaboration between cities and technology vendors to the next level. Joint security operation centers, community hacker spaces for controlled “attack” simulations, cross-sector information sharing arrangements and combined research on next-gen security controls are some areas ripe for deeper cooperation through public-private models. With collective resources and expertise unified, smart cities stand the best chance of defending against inevitable cyber threats constantly evolving alongside new connected infrastructure and digital services.
As the surface area of attack for malicious cyber actors continues expanding due to growing smart city deployments, forging strategic security partnerships between government, industry and research will remain mission critical. Examples demonstrated that PPPs provide a framework for the public and private sectors to jointly invest, innovate and problem solve and boost cyber defenses for these complex, interconnected urban networks of the future.