Green, smart cities must be secure by design
By Taru Madangombe, Vice President for Power and Grid Segment, MEA at Schneider Electric
Around the world, countries are investing heavily in the development of smart, green cities. These next-generation urban environments promise to diversify economies, attract global investment, and demonstrate leadership in sustainability and technological innovation.
Smart green cities like Masdar City in the UAE, Freiburg in Germany and Songdo in South Korea are prime examples of futuristic environments built on sustainability practices and green technologies. Cape Town in South Africa is also investing heavily investing in smart grids, water management, and digital ecosystems.
But, like most things in life, there is always a caveat.ย With progress and in particular technological progress there always risk.ย For example, in Columbia Ohio, US, a major ransomware attack hit the city’s digital infrastructure two years ago, compromising the data of half-a-million residents.
The threat group in question gained access to the cityโs IT environment and posted evidence of the attack on the dark web.
The reality is due to its very nature, smart cities are built on interconnected digital infrastructure which integrate power grids, intelligent buildings, transportation systems, utilities, and millions IoT devices.ย And this expands the potential attack surface for cyber criminals.
Every connected component, from grid control systems and building automation platforms to apparently insignificant devices such as smart bulbs or sensors, can become a potential entry point into the wider system.
The reality of security risk
As mentioned, smart cities offer an expanded attack surface and cyber intrusion can potentially penetrate one part of an interconnected infrastructure, moving laterally across systems, affecting operations far beyond the initial point of compromise.
A localised breach within a municipal utility, for example, could disrupt not only the immediate network but also other connected systems or infrastructure that rely on the same digital ecosystem.
This risk is particularly dire in the context of energy systems. As power grids evolve to become smarter and more interconnected, featuring distributed energy resources (DERs) and digital monitoring platforms, they also become more reliant on secure data exchange and control systems.
If these systems are not effectively protected, the consequences could extend beyond operational disruption to impact public safety, economic stability, and trust in critical infrastructure.
It should not be an afterthought
It is vitally important that cybersecurity is embedded into the system architecture from the get-go. This means every component entering the network mut be secure by design.
Too often, cybersecurity strategies focus primarily on monitoring, detection, and response technologies lie as AI-driven threat detection platforms. While these tools are essential, they represent only one part of a broader defence strategy.
Utilities, municipalities, and infrastructure developers must therefore integrate cybersecurity requirements directly into procurement policies and supply chain processes. This means selecting technology solutions that are designed with cybersecurity at their core, verifying the integrity of suppliers and components, and carefully managing vendor access to operational systems.
Granted, while major systems such as substations, grid management platforms, and industrial control systems may undergo rigorous cybersecurity scrutiny, smaller components often receive far less attention. However, its these seemingly minor devices may ultimately provide the easiest path for attackers.
Indeed, cybersecurity must extend beyond technical solutions and become embedded within governance frameworks. This means standards, procurement policies, and regulatory oversight must ensure that every asset introduced into smart infrastructure meets defined cybersecurity requirements.
Ultimately, the success of smart, green cities will depend not only on their ability to harness digital technologies, but also on their capacity to secure them.
