Internet Archives – ITSS Verona

January 20, 2025 — No Comments

Assessing the Cybersecurity Challenges of Smart Cities

by Wesley Issey Romain & Giulia Saccone - AI, Cyber Security & Space Team

Introduction

The emergence of the “smart city” as a concept in the 1980s and a reality in the mid-2000s coincided with the rapid development of technology and internet worldwide. Two decades later, in 2024, growing urbanisation, environmental concerns, social and governance issues, shifting lifestyles, and economic and residential attractiveness contribute to deeper reliance on digital tools and emergent technologies, such as Internet of Things (IoT) devices and artificial intelligence (AI). Consequently, protecting smart cities’ infrastructures, networks and IoT devices against data theft, sabotage, surveillance, ransomware, terrorism, and other cybercrimes – whether from state-sponsored hacker groups or non-state actors – is crucial for government, private businesses, and civil society stakeholders.

This paper argues that despite the constant and multifaceted cybersecurity threats smart cities encounter, holistic and long-term solutions exist to maintain and enhance the security of their infrastructures and prevent any potential massive disruption. Our article mainly uses qualitative and quantitative data from secondary sources. It will be organised into five parts in the subsequent order:

Firstly, it will provide a brief understanding of the concept of a “smart city” and a presentation of its interpretations, strengths, opportunities, and primary stakeholders. The second part (II) will discuss the leading cyber security challenges smart cities face and demonstrate how the advent of emerging technologies and new threat actors will continue to impact smart cities’ overall safety and integrity. Finally, the third, fourth, and last parts (III, IV, and V) will each present an existing and potential solution to strengthen the security of intelligent cities’ IT infrastructures against cyber threats and disruptions.

A brief presentation of the concept of the smart city

The concept of “smart city” started appearing in academia around the 1990s; however, the notion has been popularised through IBM’s Smart Cities Challenges. Although nowadays there is not a univocal definition of a smart city, for this article, we may define them as an urban area where ICT and IoT occupy a pivotal role in data collection, anonymisation and analysis for the improvement of citizens’ quality of life, addressing contemporary challenges on a multi-stakeholder partnership. It is hence characterised by the use of diverse IoT-based systems (from smart grids to garments with sensors), which change from city to city–which implies the diverse definition of smart cities. Therefore, connectivity is the indispensable trait that every IoT device should have to join the smart city’s network, and scalability is what ensures that every project can be initially implemented on a small scale and then expanded in the wide urban landscape. Furthermore, users’ participation is vital for concretising the effects of a smart city and spotting new challenges¹.

The main sectors involved are the ones of mobility, where IoT devices, AI and 5G optimise citizens’ transportation both on private vehicles and public transportation; energy, where smart grids allocate energy efficiently based on demand; and health, where IoT timely communicates through 5G the physiological state of individuals to provide timely responses and targeted therapies. IoT implementation in housing is important not only for this latter aim but also for improving lifestyle, with a house capable of responding to our daily necessities in a timely manner. IoT paired with AI can be functional for improving surveillance and predicting crime. Recently, smart cities’ R&D has also focused on public administration and citizenship participation, boosting the efficiency of public administration and creating smart communities for boosting citizens' engagement in local politics².

Smart cities aim to improve citizens’ quality of life by addressing urbanisation challenges through energy efficiency and responsive systems enabled by IoT devices. However, only 16% of cities can independently afford these projects due to high costs and diverse program requirements. To attract investors and drive innovation, cities use their smart city mission as a branding strategy, fostering advancements in underdeveloped but essential areas and consequentially creating long-term investments and competitiveness on the international stage. Partnerships with international bodies, research institutions, and other smart cities have proven effective for acquiring cutting-edge technology and best practices, mainly through city-to-city collaborations that bypass traditional bureaucratic channels.

The success of a project in a smart city resides in the coordination of the multiple stakeholders, which play simultaneous roles as planners, developers, implementation agents and follow-up responsible. The main actors involved are public stakeholders - namely national and local governments, administration and political institutions – that enable the coordination, monitoring and compliance of other players through policy formulation. Following, we have the private sector – composed of companies and start-ups primarily focused on the ICT field, investors, and in specific contexts, energy suppliers and property developers – that, in the case of cybersecurity, provide ICT infrastructures and investments in cutting-edge technology to boost the system readiness for cyberattacks. The Academic group has emerged as knowledge brokers, concurring with private counterparts in offering solutions in the implementation stage. Civil stakeholders – namely press, NGOs, and private citizens - play a dual role as recipients and contributors of projects, dispensing continuous feedback to the abovementioned categories thanks to advocacy and data sharing.

The digital challenges of smart cities with emerging technologies.

Due to its incorporation of mixed technologies, software, and hardware, a smart city would inevitably be exposed to multiple cyber attacks by various threat actors. Experts have suggested that smart cities necessitate novel and inventive approaches to safeguard devices and applications, taking into account factors such as resource limitations, the nature of distributed architecture and geographic dispersion while confronting issues such as unreliable communication, insufficient data, and privilege safeguarding. Regardless of whether the cyber attack is conducted on the perception layer (sensor, actuators, RFID or GPS), on the network layer (Bluetooth, Wi-Fi, and LAN), or on the application layer (Smart Home, Health, and Grid), most common cybersecurity risks associated with smart cities can be summarised into four types.

First, the Distributed Denial of Service (DDoS) is perhaps the most documented practice of cyber attacks against a service or a network. DDoS is a malicious attack restricting digital traffic by inundating a target with excessive internet traffic, utilising compromised computer systems and IoT devices as sources. A cybercriminal could, for example, launch a DDoS attack to gain a smart city’s charging station, traffic light, or public transportation network, which could become a component of a botnet employed to disable another system. In 2018, CISCO indicated that the number of DDoS attacks worldwide was 7.9 million and had forecasted a substantial rise to 15.4 million in 2023. Additionally, most recent statistics data showed that DDoS attacks increased by 46% in the first half of 2024 in comparison to 2023, with peak attack power jumping from 1.6 Tbps to 1.7 Tbps, in which online gaming, technology, financial services, and telecommunications were the most targeted industries with 49%, 15%, 12%, and 10% respectively.

Secondly, data exfiltration from devices such as traffic lights, CCTV cameras, parking meters, or public services servers is another significant challenge for smart cities as they gather extensive data from citizens. Public data theft violates the confidentiality, integrity, and availability of public data, as cybercriminals can use compromised information to perpetrate ransomware or other fraudulent transactions with third parties on the dark web. Privacy violations, financial loss, legal problems, and loss of trust from citizens are just a few of the damaging effects of data leaks from a city’s IoT devices. Such incidents have happened and are more frequent than one may think. For example, in July 2024, a large-scale data theft conducted by a cybercriminal group was reported in the United States in Columbus, Ohio. After the breach of private data stolen from over a hundred thousand ordinary people stored in public IT infrastructures and municipal agencies, a ransomware operation was launched, and sensitive information was divulged on the dark web. This type of incident will likely occur again as cities rely more and more on technology.

Thirdly, device hijacking is another threat associated with smart cities. Hacker groups often seek to control a device to influence the myriad of technological equipment constituting a smart city infrastructure and network. IT experts argue that IoT devices frequently possess default credentials that malicious actors can use, and weak data encryption, absence of periodic software updates, and interconnectedness render them easily compromised by hackers.

Fourth, Permanent Denial of Service (PDoS) is documented as a devastating cyber risk to any technologically advanced and dynamic city. IT experts have noted that, in contrast to sporadic DDoS, which results in ephemeral cyber disruptions, PDoS causes permanent hardware damage and substantial economic consequences, potentially endangering human life in healthcare and critical infrastructure sectors.

Urban areas are projected to accommodate 68% of the global population by 2050, propelled by urbanisation and demographic expansion. Consequently, such prevision, coupled with the advancement and availability of devices and digital tools, the participation of state-sponsored and non-state actors groups in malign cyber-attacks is undoubtedly a source of concern for developed and emerging countries, global cities and their inhabitants. At the same time, it should be observed that cities worldwide do not share the same level of cyber threat. As Cesar Cerrudo mentioned, while most cities possess technology, the effectiveness of smart cities varies based on the extent of technological advancements implemented. Some cities have implemented more technology while others have less.

Smart cities are expected to face several digital challenges with the availability and advent of new technologies; nevertheless, solutions and measures exist to enhance security and prevent disruptions.

Source: Illustration generated by AI

Threat detection and investments in advanced technology

Existing measures are primarily concerned with ensuring data and privacy protection based on trust, integrity, and confidentiality to prevent leaks from sensors, cameras, other IoT devices, and critical infrastructures. To support them and address the main concerns raised by industry and academia on privacy and data protection, the cybersecurity sector has focused on the mitigation of breaches in IoT for privacy protection, improving device authentication, access control, and firmware updates to provide better data anonymisation, secure data sharing and analytics for safe decision-making. A smart city is a goldmine of personal data due to its pivotal role in enhancing the quality of life of citizens and the interconnectedness through IoT. This provides criminals with a myriad of access points on devices with limited.

Blockchain technology has demonstrated a high potential solution thanks to its capacity to transmit information securely and directly. Specifically, this technology can be applied to cybersecurity to protect personal data. In the case of e-governance, it enables individuals to manage their credentials independently, bypassing centralised controlling authorities. Seoul is a fitting example: in 2018, the city started applying blockchain in its public administration, and during the same year, it developed a metaverse secured by blockchain for document issuance and citizen participation.

AI application is another game-changing technology that can boost smart cities’ cybersecurity thanks to their high computational and predictive qualities, which, applied to the fog computing layer, could protect them from cyberattacks despite their resource constraints – i.e. limited storage and RAM³. In particular, the fog layer managing the data transfer between the IoT devices and the Cloud layer provides a higher amount of computing load than those two extremes, lower latency in the communications between the IDS and the IoT, and lower energy consumption. This enables the operators to isolate the attack, repel it, and avoid its spread throughout the network, allowing an interrupted flow of smart city services. In particular, ML can be applied to both SDIS and AIDS. On the other hand, it can ease the time-consuming characteristics of updating the signature database. Regarding the latter, it can enhance the precision of attack detection, lowering the rate of false positives.

Biometrics is already used to facilitate authentication thanks to the uniqueness of individual features, addressing the constant concern for privacy and security. They have already found wide applications in the smart economy field, like the fingerprint and face recognition used by Apple Pay, face recognition for video surveillance devices of Amazon Web Services, and voice recognition employed by Amazon Alexa for telemedicine in the UK.

Strengthening and facilitating public-private partnerships

It is already visible from these few examples how private and public sectors coexist in the development of smart cities’ security, acting in synergy for optimising the outcomes of their projects thanks to risk and resource sharing and the relative reduction of costs; access to the private’s technical and management skills and the innovation enhancement for effective, creative and real-time solution s. An example is the collaboration between Barcelona’s Municipal Institute of Informatics and CISCO to implement a communication protocol for CERT and CSIRT to detect, share, respond and recover from cybersecurity threats and vulnerabilities in IoT devices.

Indeed, Barcelona is a perfect example of a smart city where public and private partnerships (PPP) can thrive thanks to companies with a sound knowledge of the local market, the involvement of all the stakeholders – citizenship included – to commit them towards the same type of projects and ease the tensions through transparency and responsibility, and trust-building practices, which are paramount in the initial phases. The cruciality of trust building is visible in the failure of the PPP of Sidewalk Labs and Waterfront Toronto, where the lack of involvement of the citizens led to tensions that resulted in boycott protests of the project.

However, it must be pointed out that this factor is crucial in democracies, where citizenship plays an active role in shaping smart cities. Nevertheless, transparency is a value that benefits all smart cities regardless of the ongoing regime since it communicates the reliability of the projects and the worth of investing in this transformation.

Strengthening and facilitating regional and international cooperation, information sharing and dialogue among experts

PPPs are not the only method to transform and strengthen the security of smart cities; international fora, capacity-building projects, and collaboration among cities play fundamental roles. At the international level, the United Nations Economic Commission for Europe (UNECE) and the UN-HABITAT coordinate the global platform "United for Smart Sustainable Cities" (U4SSC) to encourage the transition from traditional to smart cities, which has also developed a set of key performance indicators (KPIs) for sustainable cities, a valuable instrument for agenda setting and performance evaluation adopted by more than 50 cities worldwide.

The ITU, thanks to the Smart Sustainable Cities program, supports the development of stable, secure, reliable and interoperable ICT devices for sustainable cities. The Smart Cities Council is a network of experts providing capacity building and investment programs, which, among all the objectives, aim to ensure cyber, privacy, and data protection. At the regional level, for instance, the EU provides the Smart Cities Marketplace: a platform for the various stakeholders involved in the field to improve citizens’ quality of life and increase the competitiveness of European cities and industry with respect to EU climate targets.

While at the level of bilateral agreements, Singapore has exploited its expertise to catalyse agreements from distant poles, such as China and the US, for mutual cyber capacity-building projects. Those multilevel initiatives have a common effect that addresses one of the biggest challenges of smart cities intra and interoperability: the normative and standard differences between cities, which makes PPP challenging and prevents effective data protection, the biggest concern in the research field.

Conclusion

In conclusion, despite the persistent, increasing, and diverse cybersecurity risks faced by smart cities, comprehensive and sustainable solutions are available to safeguard their infrastructures and avert significant disruptions. Firstly, it has been shown that the notion of a smart city originated in academic circles throughout the nineties. The concept emphasises mobility, energy, and health, with research and development concentrating on public administration and citizen participation. It was argued that successful projects necessitate the collaboration of several stakeholders, including planners, developers, implementation agents, and follow-up measures, to enhance the quality of life for citizens.

The second part of the article sought to demonstrate that smart cities incorporate various technologies, including software and hardware, making them vulnerable to multiple cyber-attacks from a wide range of threat actors. DDoS and PDoS attacks, data exfiltration, and device hijacking attacks are common cybersecurity dangers. The involvement of both state-sponsored and non-state actors in malicious cyber-attacks is a cause for concern for both developed and emerging nations, as well as capital cities around the globe and their populations.

Thirdly, it has been observed that investments in cutting-edge technologies to prevent cyber threats are deemed pertinent and practical. For instance, tools such as blockchain technology provide a safe and direct method for information transmission, positioning it as a viable option for cybersecurity. Besides, artificial intelligence applications can improve cybersecurity in smart cities through their computational and predictive abilities. Lastly, biometrics, characterised by its distinctive attributes, is employed for authentication, mitigating privacy and security issues.

The successful example of the city of Barcelona, introduced in the fourth part of the paper, confirmed that public-private collaborations improve security and optimise project results via risk and resource sharing, cost reduction, access to private technical and managerial expertise, and innovation. Additionally, it has been demonstrated that transparency is essential for smart cities.

Lastly, multilateral forums are part of the solution. International forums and initiatives to increase capacity building are essential to strengthening the safety of smart cities. Developing reliable, secure, and stable information and communication technology devices must be encouraged within forums such as the ITU’s Smart Sustainable Cities. Only through the listed solutions can government, public, and private stakeholders ensure that smart cities remain safe.

References

Houichi, Mehdi. “Cyber Security within Smart Cities: A Comprehensive Study and a Novel Intrusion Detection-Based Approach.” p.394. ↩︎
Hermann P. Rapp., and Moebert, Joechen. “Smart Cities: Investing in the urban future”. ↩︎
Houichi, Jaidi, Bouhoula, 2024; ↩︎

Abaimov, Stanislav. “Understanding and Classifying Permanent Denial-of-Service Attacks”. Journal of Cybersecurity and Privacy. 2024; 4(2):324-339. Retrieved from: <https://doi.org/10.3390/jcp4020016>

Admass, Wasyihun Sema., Yirga Yayeh Munaye., and Abebe Abeshu Diro. 2024. “Cyber Security: State of the Art, Challenges and Future Directions.” Cyber Security and Applications 2:100031. Retrieved from: <https://doi.org/10.1016/j.csa.2023.100031>.

Alibasic, Armin., et al. “Cyber Security for Smart Cities: A Brief Review”. In Data Analytics for Renewable Energy Integration: 4th ECML PKDD Workshop, DARE 2016, Riva del Garda, Italy, September 23, 2016, Revised Selected Papers 4. 22-30, Springer International Publishing. 2017. Retrieved from: <https://e-tarjome.com/storage/btn_uploaded/2019-08-14/1565752729_9885-etarjome-English.pdf>

BASE. “Smart City”. May 2019. Retrieved from: <https://www.baseland.fr/en/recherches/smart-city/>

Borgeaud, Alexandra. 2024. “Global web application critical vulnerability taxonomy 2023”. Statista. February 20, 2024. Retrieved from: <https://www.statista.com/statistics/806081/worldwide-application-vulnerability-taxonomy/>

Cerrudo, Cesar. “An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks”. Technical Report, Securing Smart Cities, 1-22, 2015. Retrieved from: <https://securingsmartcities.org/wp-content/uploads/2015/05/CitiesWideOpenToCyberAttacks.pdf>

Cho, Young-Im. “Lecture 4 - Biometrics in Smart City” Lecture, September 2023. Retrieved from: <https://pb.edu.pl/iro/wp-content/uploads/sites/32/2023/09/Biometrics_intelligent_solutions_III_ON-SITE_Young_Im_Cho_4.pdf>

“DDoS Attacks Trends for Q1-Q2 2024: Insights from Gcore Radar Report.” GCORE, August 14, 2024. Retrieved from: <https://gcore.com/blog/radar-q1-q2-2024-insights/>

Department of Health and Social Care. “News Story - NHS Health Information Available through Amazon’s Alexa.” October 7, 2019. Retrieved from: <https://www.gov.uk/government/news/nhs-health-information-available-through-amazon-s-alexa>

European Commission. “Smart Cities”. European Commission. Retrieved from: <https://commission.europa.eu/eu-regional-and-urban-development/topics/cities-and-urban-development/city-initiatives/smart-cities_en>

“European Cybersecurity Test Project in the City.” 2022. Info Barcelona. January 2, 2022. Retrieved from: <https://www.barcelona.cat/infobarcelona/en/tema/smart-city/european-cybersecurity-test-project-in-the-city_1141253.html>

Gatlan, Sergiu. “City of Columbus: Data of 500,000 stolen in July ransomware”. Bleeping Computer. November 4, 2024. Retrieved from: <https://www.bleepingcomputer.com/news/security/city-of-columbus-data-of-500-000-stolen-in-july-ransomware-attack/>

Hamid, Bushra. et al. “Cyber Security Issues and Challenges for Smart Cities: A survey”. 13th International Conference on Mathematics, Actuarial Science, Computer Science and Statistics (MACS), Karachi, Pakistan, 2019, pp. 1-7. Retrieved from: <https://ieeexplore.ieee.org/abstract/document/9024768>

Houichi, Mehdi., Faouzi Jaidi., and Adel Bouhoula. 2024. “Cyber Security within Smart Cities: A Comprehensive Study and a Novel Intrusion Detection-Based Approach.” Computers, Materials & Continua 81 (1): 393–441. Retrieved from: <https://doi.org/10.32604/cmc.2024.054007>

Iberdrola, “BLOCKCHAIN4CITIES – Blockchain Technology at the Service of Urban Management.”. Retrieved from: <https://www.iberdrola.com/innovation/blockchain-for-smart-cities-urban-management>

Institute for Defense and Business (IDB). “What Are the Cybersecurity Risks for Smart Cities” <https://www.idb.org/what-are-the-cybersecurity-risks-for-smart-cities/>

International Telecommunications Union (ITU). “Smart Sustainable Cities.” ITU, 12/21. Retrieved from: <https://www.itu.int/en/mediacentre/backgrounders/Pages/smart-sustainable-cities.aspx>

Jayasena, N.S., H. Mallawaarachchi, and K.G.A.S. Waidyasekara. “Stakeholder Analysis For Smart City Development Project: An Extensive Literature Review.” Edited by E. Mohd Ahnuar, R. Mohd Nordin, J. Yunus, and N.A. Abdul Rahman. MATEC Web of Conferences 266 (2019): 06012. Retrieved from: <https://doi.org/10.1051/matecconf/201926606012>

Machap, Kamalakannan. & Hua Qiang. “Evaluating firewall tools and techniques in enhancing network security”. Journal of Applied Technology and Innovation, Vol. 6, No. 1, 2022. Retrieved from: <https://www.researchgate.net/publication/357553876_Evaluating_firewall_tools_and_techniques_in_enhancing_network_security>

Md Mamunur, Rashid., et al. “Cyberattacks Detection in IoT-Based Smart City Applications Using Machine Learning Techniques.” International Journal of Environmental Research and Public Health 17, no. 24 (December 14, 2020): 9347. Retrieved from: <https://doi.org/10.3390/ijerph17249347>

Medium. “Cybersecurity for Smart Cities: Addressing Vulnerabilities in Urban Infrastructure”. Emerging India Analytics, February 2024. Retrieved from: <https://medium.com/@analyticsemergingindia/cybersecurity-for-smart-cities-addressing-vulnerabilities-in-urban-infrastructure-516298a1882e#:~:text=Investing%20in%20advanced%20technologies%20such,before%20they%20cause%20any%20damage.>

Mijwil, Maad M. et al. “Cybersecurity Challenges in Smart Cities: An Overview and Future Prospects”. Mesopotamian Journal of Cybersecurity. Vol. 2022, pp. 1- 4. Retrieved from: <https://www.iasj.net/iasj/download/6b7ef8fef416253e>

Quan, Xiangyu, and Marte C.W. Solheim. 2023. “Public-Private Partnerships in Smart Cities: A Critical Survey and Research Agenda.” City, Culture and Society 32 (March):100491. Retrieved from: <https://doi.org/10.1016/j.ccs.2022.100491>

Rapp, Hermann P., and Moebert, Joechen. “Smart Cities: Investing in the urban future”. Focus Germany, Deutsche Bank Research, October 20, 2023. Retrieved from: <https://www.dbresearch.com/PROD/RPS_EN-PROD/PROD0000000000530349/Smart_Cities%3A_Investing_in_the_urban_future.pdf?undefined&realload=~FwCKBc6XEJ3FEyBsL5KPmoB9DlvuMggYIE4xFVFd1HD6M6ik7YBEvSN9~iSWgQ~>

Seoul Metropolitan Government, “Metaverse Seoul, the New Continent of Seoul.”. Seoul Metropolitan Government. Retrieved from: <https://english.seoul.go.kr/policy/smart-city/metaverse-blockchain/>

Sharma, Shamneesh., and Nidhi Mishra. “Horizoning Recent Trends in the Security of Smart Cities: Exploratory Analysis Using Latent Semantic Analysis.” Journal of Intelligent & Fuzzy Systems 46, no. 1 (January 10, 2024): 579–96. Retrieved from: <https://doi.org/10.3233/JIFS-235210.>

Singapore Ministry of Digital Development and Information “Singapore and Shenzhen Drive Smart City Collaboration with 14 New Projects.” n.d. Singapore Ministry of Digital Development and Information. Accessed December 30, 2024. Retrieved from: <https://www.mddi.gov.sg/media-centre/press-releases/singapore-and-shenzhen-drive-smart-city-collaboration/>

“Smart Cities and Smart Buildings Sector Report” European Cyber Security Organisation (ECSO), March 2018. Retrieved from: <https://ecs-org.eu/?publications=https-ecs-org-eu-documents-publications-5fdb27182b472-pdf>

Smart Cities Council “Smart Cities Council Works to Deliver Sector-Wide Upliftment through Specialized Products and Services.” 2025. Smart Cities Council. December 30, 2025. Retrieved from: <https://smartcitiescouncil.com/smartcitiescouncil/advisory/.>

United Nations Department of Economic and Social Affairs. “68% of the world population is projected to live in urban areas by 2050, says UN”. 16 May 2018. Retrieved from: <https://www.un.org/development/desa/en/news/population/2018-revision-of-world-urbanization-prospects.html>

Urban Technology Alliance “Smart City Diplomacy: A Promising Approach for Global Urban Solutions.” Urban Technology Alliance. Accessed December 30, 2024. Retrieved from: <https://www.urbantechnologyalliance.org/2024/09/25/smart-city-diplomacy-a-promising-approach-for-global-urban-solutions/>.

US-ASEAN Smart Cities Partnership, “CET Smart City Project Pairing Initiative Sends Delegation of U.S. Experts to Singapore.” 2024.. May 30, 2024. Retrieved from: <https://www.usascp.org/us-expert-delegation/>

UTA - Urban Technology Alliance. “Smart City Diplomacy: A Promising Approach for Global Urban Solutions”. Retrieved from: <https://www.urbantechnologyalliance.org/2024/09/25/smart-city-diplomacy-a-promising-approach-for-global-urban-solutions/>

Uyarra, Elvira, Jon Mikel Zabala-Iturriagagoitia, Kieron Flanagan, and Edurne Magro. “Public Procurement, Innovation and Industrial Policy: Rationales, Roles, Capabilities and Implementation.” Research Policy 49, no. 1 (February 2020): 103844. Retrieved from: <https://doi.org/10.1016/j.respol.2019.103844>

Vempati, Smita., & N. Nalini. “Securing Smart Cities: A Cybersecurity Perspective on Integrating IoT, AI, and Machine Learning for Digital Twin Creation.” Journal of Electrical Systems, 20-5s, pp. 2817-2827, 2024. Retrieved from: <https://journal.esrgroups.org/jes/article/view/3052>

Waseem Anwar, Raja. & Saqib Ali. “Smart Cities Security Threat Landscape: A Review”. Computing and Informatics, Vol 41, 2022, pp. 405-423. Retrieved from: <https://www.cai.sk/ojs/index.php/cai/article/view/2022_2_405>

Yin, Chuantao. et al. “A literature survey on smart cities” Science China. Information Sciences, 58 (10), 1-18, 2015. Retrieved from: <https://www.researchgate.net/publication/281670019_A_literature_survey_on_smart_cities>

Yue, Zhai, and Ping Gao. “Understanding the Stakeholders of Smart City Governance.” Machester: Manchester Centre for Digital Development Working Paper 105, 2023. Retrieved from: <https://hummedia.manchester.ac.uk/institutes/gdi/publications/workingpapers/di/dd_wp105.pdf

October 21, 2024 — No Comments

Anastasiia Kazakova on the UN Convention Against Cybercrime

In this series, Anastasiia and ITSS Verona discuss how different ideas, worldviews, and positions of the multistakeholder debate clashed and shaped the UN’s first convention on cybercrime – and how the outcome of this debate will shape the future of the Internet and its users.

Anastasiia Kazakova talks about the UN Convention Against Cybercrime: Actors, Developments, Implications. Anastasiia Kazakova is a Cyber Diplomacy Knowledge Fellow at Diplo Foundation.

Interviewers: Oleg Abdurashitov (Artificial Intelligence, Cyber Security and Space Team) & Mattia Ostini (Human Rights Team)

January 4, 2022 — No Comments

The Far Right’s Threat On and Offline

By: Zachariah Parcels and Lucia Santabarbara.

*Image Source*: https://unsplash.com/photos/efrRLPZukCQ?utm_source=unsplash&utm_medium=referral&utm_content=view-photo-on-unsplash&utm_campaign=unsplash-ios

A United Nations (UN) report in July 2020 by the Security Counterterrorism Committee (CTED) showed a 320 per cent increase over the past five years in attacks by individuals and groups holding right-wing (RW) extremist ideas. The phenomena known as right-wing or far-right extremism is evidently becoming ubiquitous in nature, accelerated by the ever-increasing exchange of online content on social media platforms and imageboards. This article, thus, intends to briefly explore far-right extremism, how it might be defined, the role of the Internet, and the so-called “Lone Wolf” factor. There are various international initiatives that will be touched on to combat this cancerous, heterogeneous movement.

What is far-right extremism?

Scholars and policymakers amalgamate ethnically-, racially-, and gender-based political violence, and various anti-liberal ideologies to define right-wing extremism (RWE). RWE’s heterogeneity translates to problematic umbrella definitions that are not necessarily categorically helpful. Nevertheless, many have attempted to address these conceptual challenges. For example, it might be conceptually useful to frame transnational RWE networks as internal revisionist challengers to the Liberal International Order.

Right-wing extremism (RWE) includes a swath of actors with differentiating beliefs and subcultures; these actors do not necessarily agree with one another or converge. Brenton Tarrant, who carried out the terrorist attack in Christchurch, New Zealand, exemplified the transnational nature of RWE. He wore a patch representing the Azov Brigade, a white supremacist paramilitary group fighting in Eastern Ukraine. He also supposedly interacted with and was evidently inspired by the Norwegian terrorist, Anders Behring Breivik, who carried out a car bombing in Oslo and a mass shooting on Utøya at a Labour Party youth camp.

RWE incorporates ideas such as ultra-nationalism, radical traditionalism, and neo-Nazism. In the United States (US), the Anti-Defamation League (ADL ) perceives RWE dichotomously: there is the white supremacist sphere (the “alt-right,”neo-Nazis, and “racist skinheads”) and the anti-government extremist sphere like the radical militias and the sovereign citizens. ADL also highlights various single-issue movements on the fringes of mainstream social conservative movements that adopt extreme stances, such as anti-immigrant and Islamophobic sentiments. However, there is some intersectionality in the RWE phenomena that is helpful in conceptualising and addressing these ideologies.

Generally, RWE are anti-democratic and anti-liberal (hence, the revision challenger concept). Supremacy is an underlying foundation in RWE streams, which inherently opposes equality. RWE is associated with antisemitism (not necessarily anti-Israel stances; e.g., Anders Behring Breivik), racism, xenophobia, and authoritarianism, to name a few.

There also appears to be shared catalysts in the rise of and a distinguished modi operandi among the various streams of the far right. The far right narratives share a collective memory of infamous events that justify their anti-government positions, namely the Ruby Ridge Standoff (1992), the Waco Seige (1993), the Brady Bill (1994) under former President Bill Clinton (perceived violation of their second amendments), and the Oklahoma City Bombing (1995) carried out by Timothy McVeigh. Two watershed moments further catalysed the rise and normalisation of various far-right notions, possibly unwittingly through political pandering. The election of President Barack Obama (2008-2016) created a nativist and white supremacist counter-reaction while the Presidency of Donald Trump (2016-2020) witnessed the normalisation of nativist, anti-government, anti-liberal, and antisemtic notions, individuals, and groups. For example, Trump infamously refused to denounce the far right and right-wing militia: “... Proud Boys, stand up and stand by…” The Proud Boys, one of many emerging organisations propagating far right notions, was founded by Gavin McInnes and have adopted various misogynistic, Islamophobic, transphobic, anti-immigrant, and, recently, antisimitic stances. The far-right have seemingly embraced Louis Beam’s notion of the “leaderless resistance” - a modi operandi known as “Lone Wolf” terrorism today was discussed as an alternative to a centralised hierarchy at an notorious RWE meeting at Estes Park, Colorado in 1992. This meeting is also perceived as the birthplace of the modern American militia movement.

The Internet and the “Lone Wolf” Risk

Individuals and groups espousing RWE ideologies have an exponentially growing online presence. This growth is being catalysed by the dissemination of conspiracy theories and disinformation that form or galvanise “enemies” in the COVID era’s anti-government zeitgeist. As illustrated through Raffaello Pantucci’s study of Breivik, the internet plays a focal role in disseminating extremist ideologies. The internet actualised Beam’s dreams of a “leaderless resistance” by inciting or mobilising individuals to violence, specifically to act as “lone wolf” terrorists. This was exemplified by Breivik in Norway, Alek Minassian in Toronto (2018), and Brenton Tarrant in New Zealand (2019). Boaz Ganor defines the latter as when one perpetrates a terrorist attack on their own or with the assistance or involvement of others, but without operational ties to any terrorist organisation. Beyond the essentiality to impede online mobilisation to violence to curb this “leaderless resistance,” studies have found that the far right are more likely to learn and communicate online than Jihadist-inspired individuals. Thus, there is plenty of impetus to combat far-right extremism online.

International Initiatives to Combat RWE Content Online

The events before, during, and after the storming of the US Capitol building on 06 January 2021 further illuminates the crucial role the cyber domain is playing in RWE recruitment and propaganda initiatives. The planning and logistical organisation behind the Capitol Hill violence were via social media platforms. They were supported by the spread of disinformation and nationalist propaganda, such as through Telegram, Twitter, and Facebook. Operational information - namely the best times and methods to conduct the attack - were shared on social media months before. Precise details about the streets to take and paths to tread to avoid police checks were disseminated beforehand.

Many governments, and public and private entities have undertaken initiatives and practices to counter RWE online extremism to avoid such expressions of far-right extremism. One such initiative to counter RWE online content followed the abhorrent events in Christchurch in March 2019. New Zeland Prime Minister Jacinda Ardern’s government together with French President, Emmanuel Macron, launched the Christchurch Call with high-tech companies and social media platforms to eliminate terrorist and violent content from social media sites. This initiative was followed also by a severe condemnation by United Nations General Assembly (UNGA) towards “acts of violence based on religion or belief,”alluding to Tarrant’s targeting of Muslim worshippers in Christchurch. On the 2 April 2019, the UNGA released the Resolution Combating terrorism and other acts of violence based on religion or belief, denouncing “the heinous, cowardly terrorist attack.” On 09 October of the same year, after the deadly attack on a synagogue and murder of a regional Christian Democrat (CDU) governor by far-right extremists, Germany approved the Network Enforcement Act. This act aims at preventing the dissemination of far-right online content and combating online hate speech and fake news. A provision also requests social media networks (with more than 100 complaints) to publish biannual reports to clarify how they dealt with complaints about illegal content. Lastly, the Global Internet Forum to Counter Terrorism (GIFCT) - a partnership between the European Union (EU) Internet Forum, Meta, Microsoft, Twitter, YouTube, civil society and academia - was initiated in 2017. The GIFCT adopts a global synergic technological approach based on knowledge sharing and joint research to prevent terrorists and violent extremists from exploiting digital platforms.

However, recent studies consistently show the increasing ubiquity and mobilisation of right-wing extremism networks that make current measures less effective. Recent COVID-19 emergency measures have inaugurated changes entailing limitations on personal freedoms for collective public safety. These pandemic-induced changes have created an anxiety-rich online environment with an abundance of conspiracy theories, disinformation or “fake news,” and memes that normalise violence.

In conclusion, it appears that these challenges to liberal values and public safety demand innovative and persistent approaches. The cyber domain is continuously being exploited to radicalise and propagate far-right, anti-government narratives. Therefore, effective governmental responses - especially in the form of counter-narrative and public resilience initiatives - need to continuously adjust to these dynamic and adaptive revisionist challengers.

June 7, 2021 — 10 Comments

How lonely are the “Lone wolves”?

By: Adelaide Martelli, Francesco Bruno and Shahin Modarres.

Regardless of how violent, inhuman, and detestable terrorism is, it is a social phenomenon. Hence, like other social phenomena, it is a dynamic body that undergoes changes and transforms to adapt to the constantly changing socio-political sphere in different parts of the world. After the major paradigm shift of terrorist organizations from vertical structures to horizontal ones, the third wave of terror attacks was formed based on individuals carrying out terrorist attacks. These individuals are known by the colloquial "lone wolf" and they represent a growing concern due to the complexity of detecting them.

The term "lone wolf" has opened the stage for controversy in defining it. The basis of this controversy mostly manoeuvres on either if the individual radicalized and carried out the event like the famous case of Ted Kaczynski, or he/she has radicalized as the result of an agent-based mechanism of socialization. According to Prof. Mark Hamm, the distinction that differentiates the "lone wolf" phenomenon is based on the executive phase of a terrorist attack. "lone wolf" is the individual who might have been radicalized as the result of group socialization or self-indoctrination but acts alone. Prof. Peter Neumann adds: "a lone wolf is not necessarily a member of a terrorist organization but an individual who has an affinity with them".

In this article, we will discuss two cases of "lone wolf" terrorism to show both the executive phase of "lone actor" and pre-attack radicalization. It is important to recognize that even though the final act in lone wolf terrorism is performed as a solo, it is not an individual effort that has led to that moment. Many lone actors have received logistic and material support from terrorist cells, including explosives and instructions to build devices, safe passes, and even safe homes for the post-op phase (Schuurman, 2017).

Besides the operational level in the case of Younes Tsouli, we will see the importance of "lone actor" radicalization and recruitment on online platforms. And in the case of Mohammed Bouyeri, we will discuss how the term "Lone wolf" can overstate the degree of isolation these individuals go through.

Case of Younes Tsouli

It has sparked a controversial debate on the nature of the “Lone Wolf” as an individual with a focus on both psychological and personality factors, and external in terms of environment, friendships, and family ties. This part of the paper in relation to “Lone Wolves” will be using a different theoretical approach argued by Marc Sageman in Leaderless Jihad and characterized by the development of a new environment and processes of radicalization primarily based on the Internet. The importance here is the interaction between members on online portals and forums accessible exclusively by invitation, where complete anonymized strangers interact expressing their views on their hopes for Islam. What is interesting in this case is the fact that such forums provide a community for these individuals to interact with each other “this mutual sharing makes them feel even closer to each other in a virtual process similar to the one previously described as in-group love with face-to-face interactions. This provides them with a sense of belonging to a greater community on the basis of what they have in common, Islam” (Sageman, 2008). This perspective provides an alternative view on Lone Wolf, as this article argues, it is possible to define as “Lone Wolf” someone who acts are characterized by “lone” actions, but in reality, there is a variety of social interactions which made such cases less “lonely”.

The example that will be used to shed some light on the action of a Lone Wolf is the case of Younes Tsouli, also called Terrorist 007, and the “most wanted cyber-jihadist” according to the Association of Chief Police Officers (ACPO). He began by appearing on websites such as “Islamic Terrorists” where he came across as an agitator, following that in 2004, he began to reach popularity as an expert cyber-jihadists providing not only terrorist material to online forums where he could directly radicalize youths, but he also was able to provide inside of US military bases in Iraq. More importantly, Younes was able to become a pillar for Al-Qaeda’s propaganda in Britain, despite, as the judge at his trial pointed out that he never himself came close to a firearm or committed a crime physically according to ACPO. His role alone had indirectly created a space for jihadist propaganda gaining support by the leader of Al-Qaeda in Iraq, Musab Al-Zarqawi facilitating the contacts across thousands of “lone wolves” across the globe (Jacobson, 2010). Therefore, to answer the question, are “Lone” wolves really lonely? They are not as demonstrated by the case of Younis Tsouli.

Case of Mohammed Bouyeri

The case of Mohammed Bouyeri, the 2006 Amsterdam attacker who killed Theo Van Gogh, is peculiar to analyze lone wolves’ networks during their radicalization and plotting process. He is considered as the first European Islamic lone wolf (Zogno, 2018), and, contrarily to what is generally thought, he was not so detached from social interactions. Bouyeri was born in Holland to Moroccan parents, and reportedly both he and his family were well integrated into the Dutch Community (Nesser, 2005).

Thanks to the documents retrieved from his computer after his arrest we have information regarding his radicalization and indoctrination processes (Sageman, 2008). In 2001 he went to prison, and there he started reading the Quran, which may be suggested by other prisoners, faith became his light during this dark period (Peters, 2016). The second event that influenced him towards a stricter interpretation of Islam was the death of his sick mother, since then he appeared increasingly isolated from the larger society (Cottee, 2014).

However, the biggest turning point was in 2003 as a consequence of two major events: Firstly, Dutch authorities refused Bouyeri’s proposal to open a youth club for immigrants; secondly, he entrenched a tight relationship with the fundamentalist Imam Abou Khaled (Nesser, 2012). Bouyeri started attending the meeting held by Abou Khaled, where he learned how to conduct his life following Sharia law so that he completely changed his previous lifestyle (Peters, 2016). Not only, but he also met several like-minded people with whom he established the Dutch Islamist group called the Hofstadgroup (Adjiembaks, 2016). Except for the people inside his network, he was very isolated from the larger society and he used to spend his time writing and disseminating extremist beliefs online (Kaplan et al., 2017;De Koning, 2013). In this period, he changed his name to Abu Zubair, in memory of the homonymous Al-Qaeda commander.

The triggering event before the attack was the documentary “Submission” produced by Theo Van Gogh and Hirsi Ali in 2004, perceived by him and many other Muslims as offensive to Islam (Peters, 2016). Simultaneously, Al-Qaeda in Iraq (AQI) promoted a campaign in favor of kidnapping and decapitation, that apparently influenced Bouyeri’s attack plan (Nesser, 2012) . In fact, on the 2nd of November 2004 Mohammed Bouyeri, alias Abu Zubair, shot Theo Van Gogh eight times, tried to behead him, and then pinned on him with a knife an Open letter against Hirsi Ali (Nesser, 2012; De Koning, 2013) . Shortly after the attack, Bouyeri was arrested and sentenced to life in prison (Finseraas et al., 2011).

Both mentioned cases show an inpatient process of labeling these terrorist actors as with the term "Lone wolf". Mostly these actors have interpersonal, ideological, and operational ties to larger groups. (Gartenstein-Ross, 2017) Thinking of them as isolated individuals can develop conceptual confusion. The reason behind their solo act in some cases usually roots from a sense of secrecy and fear of being trapped into leakage behavior. A considerable number of these actors have expressed violent intention across the border of human norms, long before executing their plans. Their posts and socialization have been a clear cry for attention months and even years before the planning phase. (Gill, Horgan, and Deckert, 2020) This behavior, known as the "leakage behavior" has been a tremendous help for intelligence agencies and counter-terrorism professionals to detect them and surveil their activities. (Meloy and O'Toole, 2011) In some cases, the main reason behind acting alone has been their incapability of recruiting other members to the potential terrorist cell that they had in mind.As the result of a cost-benefit estimation, certain actors during recent years showed more tendency to cut their ties and communication from their niche in order to secure the required secrecy needed for the optimization of their plans. These actors preferred to reduce their vulnerability towards detection and infiltration by cutting ties with other members and their cells before executing their plans. (Bakker and De Graaf, 2012) Both elements of detection and infiltration have successfully neutralized many terrorist plots in advance and this has become a warning for more skill-developed actors to isolate themselves from their peers while planning a terrorist plot and later during the execution phase. This of course does not mean that all these actors were originally isolated individuals with anti-social behavior by their choice of acting alone was indeed the result of a strategic decision-making process.

This article has been rectified on June 9th, 2021. Younes Tsouli has already served his sentence.