Cybersecurity risks and solutions for smart city platforms

Smart cities significantly improve quality of life, yet the growth of digitalisation inevitably leads to an increase in vulnerabilities — from attacks on critical infrastructure to manipulation of citizens’ data and local government decision-making.

To ensure that the “city of the future” does not turn into a “city of vulnerabilities,” it requires not only a multitude of sensors and cameras, but also a consolidated digital transformation strategy with a clearly defined cybersecurity framework, standards for all contractors, and transparent data protection requirements.

Key cybersecurity risks for smart cities

According to The Cybersecurity Risks of Smart City Technologies, there are several recurring types of attacks targeting smart cities:

• Attacks on critical infrastructure. Breaches of traffic management systems, energy grids, or public alert systems can paralyse a city, create chaos on the roads, or directly endanger people’s lives in crisis situations.
• Attacks on municipal databases. Large-scale DDoS attacks and malware can disrupt portals, payment systems, dispatch centres, and municipal databases, resulting in multi-million losses and prolonged service recovery periods.
• Fragmented IoT landscape. Thousands of cameras, meters, and controllers with varying levels of security, default passwords, and infrequent updates create a wide range of attack vectors — from intercepting traffic between sensors and gateways to compromising individual nodes and using them as entry points for further intrusions.

Solutions for a secure platform

Experts emphasise that smart city cybersecurity is not a single product, but a comprehensive multi-layered architecture embedded into the design of urban services even before pilot launches. In addition to widely recognised approaches such as zero trust architecture and encryption, digital platforms can implement:

1. Purposeful data minimisation. By default, the city platform collects only the minimum amount of data required, actively anonymises and aggregates datasets, ensuring that even in the event of a breach, attackers do not obtain complete citizen profiles.
2. Transparent data governance. The city records who uses urban data, when, and for what purpose, maintains a public registry of datasets and partners, and provides citizens with greater control over how their data is used.
3. Cyber resilience as a standard. Critical services have backup environments and offline operational scenarios, enabling compromised segments to be quickly isolated without fully shutting down city operations.

Security in MISTO is embedded at the architectural level: each module, integration, and request operates in a secure-by-default mode, while critical services have fallback operational scenarios.

The platform is built on Creatio, which supports security requirements aligned with HIPAA and SOC 2 standards and security audit recommendations. As a result, urban services are deployed on infrastructure that meets strict requirements for processing sensitive data in regulated industries, providing communities with resilient infrastructure that maintains operational continuity and data protection even in crisis conditions.