Schedule – Oct 28, 2025

"Smart City" has been a trendy buzzphrase used by politicians, city planners, and tech companies for over a decade now — but their shiny promises gloss over dangerous realities. Downtime and damages in municipalities due to cyberattacks regularly make the news, but we focus primarily on securing and recovering IT systems. Smart Cities by nature use a combination of IT and OT systems, but have no established or holistic approach for managing overlapping risks to both. The consequences to security from varied stakeholders involved in Smart City planning and implementation go unexamined. Human hazards, vulnerable devices, and data management issues build on these to create diverse and creative attack paths for all sorts of threat actors.

Smart Cities present a ubiquitous and unique combination of risks which must be comprehensively assessed in order to improve procedural and operational security, reliability, and resilience. By reframing our understanding of what Smart Cities are, we can use and integrate pre-existing actionable strategies to prepare and defend against threats ranging from pandemics to nation-state attacks. As politically motivated cyberattacks expand in reach and collateral radius, we need to prepare our cities for when they become the next battlefield.

This talk aims to expand our definition of Smart Cities; discuss the data, human, and technological risks that they face; and share resources on how to deal with them.