1 Introduction

The term ‘smart cities’ generally refers to the use of technology-based solutions to enhance the quality of life for citizens, improve interaction with government and promote sustainable development (Chourabi et al. 2012; Yahia et al. 2019; Yu and Xu 2018). A city can be described as smart where social, environmental and economic development factors are balanced and linked via devolved processes to more efficiently manage key assets, resources and urban flows for real-time processes (Komninos 2013; Yeh 2017). Smart cities are designed around an Information and Communication Technology (ICT) based infrastructure with Internet of Things (IoT) enabled sensor technology to support social and urban interconnectivity through greater citizen interaction and government efficiency (Albino et al. 2015; Alter 2019; Gupta et al. 2019b; Janssen et al. 2019; Lom and Pribyl 2020; Mamonov and Koufaris 2020; Manfreda et al. 2019; Yeh 2017). A number of cities throughout the world have embraced the smart philosophy and have either developed their infrastructure toward this new status or are actively pursuing strategies to adapt their existing assets and networks. These include London, New York, Paris, Amsterdam, Reykjavik, Tokyo, Busan, Dubai, Stockholm and Santander (Forbes 2019; Peris-Ortiz et al. 2016; Simonofski et al. 2019). The Government of India (GoI) has announced plans to develop 100 smart cities throughout the country to drive economic growth via the creation of technological solutions for citizen interaction (Praharaj et al. 2018). The top down, government led approach within China has led to a large number of smart city projects that are viewed as policy based decisions to potentially reshape economic structures, transform economic development, re-educate and enhance the competitiveness of workers and improve government capacity and efficiency in the context of energy management and environmental pollution (Yu and Xu 2018). The technology spending on smart city initiatives worldwide is currently $81 billion and predicted to reach $158 billion (US) by 2022, highlighting the significance attached to these city transformations (Statista 2019).

Smart city designers utilise modern technologies such as mobile cloud computing, electronic objects, networks, sensors and machine learning technologies to enable the different components of smart cities to cooperate and interact with the network architecture (Ismagilova et al. 2019b; Singh et al. 2019). The inherent complexity and new methods of citizen interaction required for the change to existing infrastructure, highlights the significant political, regulatory and technical challenges for governments and regional authorities. One of the key challenges in the development of smart cities is the processing and management of data. This relates to data already present within city databases but also the linking of data with new systems and sensors present within the smart city, that impact security and privacy (Van Zoonen 2016). The threats stemming from information security, data privacy and cyber-related factors where unauthorised access to information can cause undesired consequences, highlights the criticality of addressing these issues early within the design and development stage of smart cities (Chatterjee et al. 2019; Elmaghraby and Losavio 2014).

The literature has developed a number of studies that have presented reviews of the smart city literature (Albino et al. 2015; Anthopoulos 2015; Bibri and Krogstie 2017; Chatterjee and Kar 2015; Ismagiloiva et al. 2019a; Kar et al. 2019; Rana et al. 2019). However, researchers seem to have omitted to offer a meaningful analysis of the significant threats to data security and the inherent complexities surrounding privacy within smart cities. This research aims to bridge this gap in the literature by conducting a comprehensive analysis of the many issues and key complexities relating to privacy, security, and risk issues within smart cities. In alignment with the guidance in Pare et al. (2015), we conduct a theoretical review of current studies and available literature on privacy, security, and risks within smart cities and develop a smart cities security & privacy framework.

The current study aims to address the following questions:

  • What is the current state of knowledge relating to security, privacy, and risk within smart cities?

  • What are the smart cities’ challenges in areas relating to privacy, security, and risk from a number of stakeholder perspectives?

The analysis and findings of this research are presented as offering an informative and timely framework for research on this topic, useful to academics and practitioners alike.

The remaining sections of the paper are organised as follows. Section 2 provides an overview of the methods used to identify relevant studies to be included in this research. Section 3 details the discussion of the emerging themes from the existing research on security and privacy in smart cities. Section 4 discusses many of the key aspects of the research in the context of significant challenges to the further development of smart cities and presents a conceptual framework on security and privacy issues. The study is concluded in Section 5. The limitations and directions for future research are presented in Section 6.

2 Research Methodology

The approach utilised in this study aligns with the recommendations in Moher et al. (2009) and Kitchenham (2004). The study applied the following steps for systematic search of the relevant papers: (1) development of protocol; (2) filtration of research papers by title, keywords and abstract; (3) extraction of data from the selected papers.

Development of protocol. To identify relevant articles from the literature a keyword search was employed. The search was restricted to peer-reviewed research papers. A number of separate keyword searches were utilised, namely “Smart City” OR “Smart Cities” AND “Privacy” OR “Security” OR “Risk” were searched via Scopus database. The Scopus database was selected for this study as it includes a catalogue of more than 50 million records from approximately 20,500 titles and 5,000 publishers (Montoya et al. 2016). As a result, this database can be useful for searching and locating a substantial proportion of the published peer-reviewed research papers in the area of smart cities research. Additionally, by using online databases for conducting a systematic literature the search aligned with the emerging culture narrative, highlighted by a number of information systems researchers (Gupta et al. 2019a; Heidt et al. 2019; Hughes et al. 2019; Papagiannidis and Marikyan 2020; Tamilmani et al. 2020). From the Scopus database, only peer-reviews papers that were published in English were considered. The search resulted in 99 articles returned. This comprehensive search strategy allowed us to minimise source bias and return sufficient articles for a comprehensive review (Dwivedi et al. 2019).

Filtration of research papers by title, keywords and abstract

All studies were analysed and processed by the authors then reviewed based on title, keywords and abstract to ensure validity and relevance that the research offered contribution to the smart cities’ discussion in the context of risk, privacy and security. Based on the inclusion criteria, the review of the 99 articles yielded 94 that were selected as offering relevance for this study.

Extraction of data from the selected papers

The following data were extracted from each research paper: (1) Year of publication of the research paper; (2) Name of the journal in which the research paper was published; (3) Bibliographic reference including title, year, author, and source of the research paper; (4) The main objective of the research paper; and (5) Findings of the research paper. The selected articles have appeared in 30 separate journals, including seven journals that have published two or more articles relating to privacy and security in smart cities (Table 1). The remaining 23 journals have contributed just one article each. To systematically provide academic insights on the research themes, identified studies were divided into broad smart cities related key themes.

Table 1 Journals publishing two or more studies on security, privacy and risk within smart cities

The chronological view by volume of the articles on security and privacy within smart cities is presented in Fig. 1 and depicts the increasing academic interest over recent years.

Fig. 1
figure 1

Publications on privacy, security, and risks in smart cities: 2010–2019

3 Literature Review

The wider literature has tended to focus on a number of broad smart cities related key themes namely: the privacy and security of mobile devices and services; smart cities infrastructure and technical architecture; power systems utilised within smart cities; smart healthcare; security and privacy frameworks; algorithms and protocols; operational threats for smart cities; application of blockchain solutions within smart cities; and social media and smart cities.

Figure 2 presents the research themes and the percentage of papers grouped under each theme. The themes and related references are listed in Table 2. The subsections of the article generated discussion around each theme providing insights to research carried under the respective main themes

Fig. 2
figure 2

Clusters of research themes

Table 2 Smart cities themes and references within the literature

3.1 Privacy and Security of Mobile Devices and Services

Mobile devices are the backbone of interacting with the smart cities network infrastructure but present new challenges to the security and privacy of users where sensitive data could be vulnerable to attack by third parties. The Abi Sen et al. (2018) study proposed the use of fog computing properties such as caching, cooperating and acting as a broker between users and use of the cloud to mitigate security threats. The study presented three novel approaches for satisfying the required privacy of mobile devices within smart cities. The first approach utilised the concept of foggy dummies to protect the privacy of the user; the second incorporated a blind third party where a trust relationship is developed to protect the user from the server provider; the third approach used the concept of a double foggy cache to solve the trust issue between peers with a traditional cooperation approach. The Abi Sen et al. research posits the advantages of these approaches where there is no requirement to trust the party fully. The authors assert there is less overhead when compared to private information retrieval and the server provider cannot collect data on behavioural aspects of the user.

Privacy-preserving authentication (PPA) protocols for mobile services have emerged as a promising cryptographic approach to provide authentication and privacy protection features for smart cities. The research presented in Li et al. (2019) analysed the PPA protocol suitability for mobile services within a typical mobile service application in a smart city context. The research findings outlined the efficiency of PPA when compared to other competing protocols, demonstrating that the proposed PPA protocol would exhibit less computation and communication overheads when deployed in mobile service applications for smart cities.

3.2 Smart City Infrastructure

A number of articles focused on smart city infrastructure and ways to overcome security and privacy issues within smart cities (Abosaq 2019; Ainane et al. 2018; Alandjani 2018; Antoine Picon 2019; Awad et al. 2019; Baryshev et al. 2016; Bernardes et al. 2018; Chatterjee et al. 2017; de Amorim et al. 2019). The IoT plays a pivotal role within the infrastructure of smart cities as it provides the network architecture responsible for gathering and processing data from distributed sensors and smart devices. Studies generally categorise attacks on IoT devices into external and internal - attacks (Alromaihi et al. 2018; Mo et al. 2010).

The vulnerability of IoT based applications is directly related to the network paradigm where physical objects such as sensor based devices collect data on key interactions within the network and communicate via wireless or wired connections. The data which is uploaded, processed and stored can exhibit key vulnerabilities in the form of man-in-the-middle attacks and denial-of-service attacks. As a result, collecting and transferring data via the use of IoT infrastructure could severely impact the security and privacy of smart cities unless precautionary measures are implemented (Awad et al. 2019). Studies have argued that privacy can be easily compromised due to the high levels of interaction between people, devices and sensors, thus highlighting the need for this data to be fully protected (Antoine Picon 2019; Elmaghraby and Losavio 2014). Studies have posited the merits of a more strategic focus on smart city security looking beyond aspects of data privacy toward a smart securitisation policy (Efthymiopoulos 2015). The study by Ferraz and Ferraz (2014a) argued that information security does not only include privacy, confidentiality, integrity and availability, but also includes interoperable security that represents the idea of a general failure of the urban system.

The data flows and exchanges between network components and the IoT should be subject to effective risk management in assessing and responding to threats within smart cities and the challenges of the technical sophistication gap and standards immaturity (Ainane et al. 2018; Alandjani 2018). Researchers have sought to identify technological solutions to deal with privacy and wider information security challenges. The study by Abosaq (2019) analysed the privacy issues faced by smart cities including authentication, access control, confidentiality, trust, data security, policy implementation and secure middleware. The author designed and simulated a smart city model connected with mandatory communication devices that produced data for a number of sensors. The study proposed that data privacy can be achieved by a Fast ID Online (FIDO) authentication process (Fido Alliance 2019) for the device to network or device to cloud authentication and that data privacy should be considered an integral element of the smart city infrastructure (Abosaq 2019). The privacy aspects inherent within smart city network traffic infrastructure were analysed in De Fuentes et al. (2017), where the study posited the benefits of an Attribute-Based Credentials (ABCs) solution to help address the issue of disclosure of unnecessary data. The research recommended an Idemix based approach due to its performance efficiencies and compatibility with existing smart city road traffic services. The research by Hiller and Blanke (2017) posited the suitability of utilising resilience theory which is concerned with the ability of an organism to survive and evolve into better states. The study views privacy as a system and examines it through the resiliency lens, framing the question of how privacy can adapt and survive within a smart city.

Khan et al. (2014) identified a list of stakeholders and modelled their involvement within the smart city context. The stakeholder mapping included: service consumers, legitimate service providers, untrusted service providers, IT experts, data custodians, standard governing bodies and domain experts. Based on the proposed stakeholder model, the study developed a security and privacy framework for secure and privacy-aware service provisioning in smart cities. The framework aimed to provide end-to-end security and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning, demonstrating the proposed frameworks ability to mitigate stakeholder security and privacy concerns. Additional relevant frameworks include the one proposed in Vitunskaite et al. (2019), that performed a comparative smart city case study of Barcelona, Singapore and London on their governance models, security measures, technical standards and third party management. The framework encompassed technical standards, governance input, regulatory framework and compliance assurance to ensure information security is observed within all layers of the smart city infrastructure.

Smart cities are comprised of a significant number of different sensors, interaction devices, network access points, specialised hardware and software. These key assets need to be integrated within the smart city infrastructure and maintained to ensure systems are not degraded and valuable services are operable. The study by Waedt et al. (2016) focused on the manual and automatic asset identification, annotation and tracking of graded Application Security Controls (ASCs) that can benefit from comprehensive and formalized asset management. This included the availability and integrity of fixed and mobile technology assets and the reliability and integrity of software assets installed on servers and cloud environments. The Waedt et al. (2016) study asserts that rigorous and pervasive asset management provides value beyond security to mitigate the misuse of assets for sophisticated attacks targeting combinations of version-specific vulnerabilities.

3.3 Smart Power Systems

The power system aspects of smart cities are of critical importance within the overall security and privacy infrastructure, as third parties connected to the grid could monitor usage patterns and predict consumers’ behaviour. The wireless network technology focussed nature of the many systems that supply and control heat and light to smart cities, could expose the grid to security vulnerabilities. Alamaniotis et al. (2017) presented an intelligent methodology for enhancing privacy within smart power systems. The proposed methodology utilised demand patterns for several consumers connected to the power grid to provide a new consumption pattern. The new pattern hides individual consumer characteristics via a particle swarm optimisation process. The study tested the proposed methodology on a set of real consumption patterns benchmarked against a genetic algorithm demonstrating that the proposed methodology is efficient. The study by Sanduleac et al. (2016) addressed two main aspects of smart city implementation; namely: (i) multi-energy streams when different utilities serve different energy networks in the city such as electricity, gas, and heat (ii) the issue of engaging the citizens by sharing their private energy data profile, as an alternative to implementations that fail to progress from small pilots to large deployment.

3.4 Smart Healthcare

The security and privacy of healthcare services and concepts within smart cities are a key factor in the overall minimal disclosure of data and information security infrastructure (Maria De Fuentes et al. 2018). The research by Alromaihi et al. (2018) identified the main security and privacy challenges in designing IoT architecture in the context of healthcare applications, highlighting the increased use of sensors for medicine and healthcare applications over the last decade. The study identified key threats from personal health related data captured via sensors for e.g. heart rate and also blood pressure and the importance of an integrated security solution for the entire system. The benefits of data collaboration within a secure mobile healthcare and social system have been proposed in Huang et al. (2017). The study developed a solution that allowed a data owner to authorise third party healthcare provider data analysis by re-encrypting Attribute-Based Encryption (ABE) and identity-based broadcast encryption (IBBE). The proposed scheme used encryption and decryption processes that effectively delegate most of the computation cost to the cloud. As a result, the computation overhead of resource-constrained mobile devices are reduced, with subsequent improvements in security and efficiency.

3.5 Frameworks, Models, Algorithms and Protocols to Improve Security and Privacy

As smart cities face a number of challenges connected to security and privacy, some studies proposed various frameworks, models and algorithms to improve these issues (Al-Dhubhani et al. 2018; Antonopoulos et al. 2017; Avgerou et al. 2016; Beltran et al. 2017; Burange and Misalkar 2015; Cagliero et al. 2015). This aspect of the literature has focused on encryption algorithms to build in security to smart city systems. The Antonopoulos et al. (2017) study tests high-level security feature algorithms by using Wireless Sensor Network (WSN) development. Stromire and Potoczny-Jones (2018) proposed to integrate an end-to-end cryptography system into smart city solutions at a foundation level. During any data breach, nothing about the data would be revealed by applying this system. Similarly, Lai et al. (2017) used an encryption approach in proposing a scheme titled Fully Privacy-Preserving and Revocable Identity-Based Broadcast Encryption (FPPRIB). The proposed scheme aimed to preserve the data privacy and the identity privacy of the receiver as well as the revoked user. The data can be securely protected and only the authorised user can access the data. The revocation process does not reveal any information about the data contents or the receiver identity and the public learn nothing about the receiver identity and the revoked user identity. These properties lead to applications in the smart city where identity privacy is desirable. The study by Patsakis et al. (2015) developed a cryptographic protocol which manages the huge amount of personal information that could be generated through e-participation in a scalable, interoperable manner, which guarantees the privacy of citizens within smart cities.

Network access control plays an important role in any communication system. It is important to develop adequate security of IoT system access to prevent any intruder from taking control of IoT devices or disclosing confidential information stored at object or node level. Beltran et al. (2017) introduced SMARTIE, an integrating platform for user-centric secure IoT applications. It preserves user privacy while guaranteeing scalability and efficiency. The proposed platform efficiently provides decentralised access control for IoT devices based on user privacy preferences. The aim of SMARTIE is to facilitate the integration of user-centric privacy and governance within IoT applications in a scalable and efficient mode. The authors highlighted that the proposed application will allow users to control their devices that join the application in terms of sensing and publishing data and enable fine-grained access control rules for their devices whilst deciding who can and cannot be in possession of their device data. The solutions proposed by Burange and Misalkar (2015) and Peters et al. (2019) mitigate privacy risks by providing the final decision maker with the opportunity to finalise network access for the client thereby protecting the privacy of user data. The Peters et al. (2019) study proposed a privacy awareness framework - PrivacyZones, which requires the service provider to share meaningful features of the data collected by their application. The proposed framework was successfully tested using two case study services (Hail-A-Taxi and Get-A-Discount).

Use of AI can improve security and privacy in smart cities. González García et al. (2017) proposed and tested the analysis of pictures through computer vision to detect people in the analysed images. By using different tests, it was found that the system detects pictures with heads and shoulders more accurately in comparison with other images. Additionally, the study found that it is possible to integrate computer vision within IoT networks and that pictures can be used as sensors thereby, helping to improve the security of homes within smart cities. Huerta and Salazar (2019) proposed a framework by using AI and cognitive functions, which is capable of learning to understand, analyse and audit every product in an automated intelligent manner.

Gheisariy et al. (2019) discovered that a number of existing solutions have three major drawbacks. First, applying one static privacy-preserving method for the entire system; second, sending the whole data at once and third, a lack of context-awareness. These aspects can lead to an unacceptable high level of privacy-preserving overhead. In order to deal with these issues, the authors proposed a software-defined networking paradigm that can be directly applied to smart city applications. The Guo et al. (2017) study used an attribute-based trust negotiation scheme for communication between devices within a smart city. The research modelled the trust negotiation process using homographic encryption to guarantee its security. The proposed protocol ensured that a device satisfies its counterparty’s access policy whilst disclosing minimal privacy.

The cloud-oriented architecture solution proposed in Krichen and Alroobaea (2019) posited a new model-based framework for testing security properties of IoT based systems within smart cities by describing the strategy adopted by the malicious party which intends to violate the security of the considered IoT system. The Han et al. (2019) study developed a lightweight and privacy-preserving public cloud-auditing scheme for smart cities that does not require bilinear pairings. The proposed pairing-free scheme allowed a third-party auditor to generate authentication meta-data on behalf of users and provided data privacy against third-party auditors and cloud service providers. The Han et al. study found that the proposed scheme is more secure and efficient in comparison with the existing public cloud auditing schemes.

Aspects of the literature have focused on security and privacy systems for the business environment. The Avgerou et al. (2016) study proposed the deployment of a Privacy-ABCs based authentication system into a generic eBusiness model that provides collective intelligence based eServices within Smart Cities. The model entailed the collective intelligence-interactions between citizens and facilities of smart cities and a privacy-enhancing technology titled attribute-based credentials. By using this approach buying history and consumer behaviour of citizens remains private while interacting with the eCommerce based ecosystem. The research outlined in Cagliero et al. (2015) presented a non-emergency data analyser study the perception of citizens on urban security in the context of the business environment.

The role of software within smart cities is essential, but it brings some privacy and security issues such as exchange of application data, problems related to tracking, effects of hacking, authentication of datasets, increase in personal data thefts, access to information in data centres, effect of other applications and economic pressure (Sen et al. 2013). The study by Sucasas et al. (2018) proposed an OAuth 2.0 based protocol for smart city mobile applications that addressed the user privacy issue by integrating a pseudonym-based signature scheme and a signature delegation scheme into the OAuth 2.0 protocol flow. The proposed solution allows users to self-generate user-specific and app-specific pseudonyms on-demand and ensures privacy-enhanced user authentication at the Service Provider side.

Some studies criticised the existing work and proposed new solutions (Gope et al. 2018; Xie and Hwang 2019; Zang et al. 2017). For example, Xie and Hwang (2019) showed that the scheme proposed by Xiao et al. (2017) lacks two-factor security, and suffers from an impersonation attack. To mitigate these problems, an improved roaming authentication protocol with two-factor security was proposed, secured by using an applied pi calculus-based formal validation tool ProVerif demonstrating enhanced efficiency in comparison with some related schemes.

Zang et al. (2017) asserted that the security protocol proposed in Sookhak et al. (2015) has inherent security flaws, thus failing to achieve its original goal. Specifically, this protocol is vulnerable to two types of attacks, namely - replace attack and replay attack. The study showed how a malicious server can deceive data owners to believe that data is being maintained effectively by launching such attacks. Additionally, it described an improved Remote Database Access (RDA) protocol by utilizing algebraic signatures to fix security flaws. The solution employed the rank-based Merkle Hash Tree to achieve verifiable dynamic data operations. Moreover, the study provided detailed security proof of the proposed RDA protocol. Gope et al. (2018) criticised existing Radio-Frequency IDentification (RFID) technology for its compromise on privacy and forgery detection problems and heavy computation burden due to the very limited computation capability of RFID tags. The study attempted to address these issues by proposing an RFID-based authentication architecture for distributed IoT applications suitable for smart environments.

3.6 Operational Vulnerabilities for Smart Cities

Data within smart city applications should be able to withstand modification, disruption, inspection, unauthorised access, disclosure and annihilation. Basic requirements for security and privacy include confidentiality, integrity, availability, nonrepudiation, access control and privacy (Dewi Rosadi et al. 2018). Smart city residents can face security and privacy issues due to smart city app vulnerabilities, however, without perceived security protection and privacy, the public might hesitate to use smart city mobile applications. Privacy is a core issue within smart cities and one that can be directly linked to the minimal understanding of privacy from local government and business in the way they collect and process personal data. Often they do not provide the community with the opportunity and mechanism for consent (Dewi Rosadi et al. 2018).

Some studies focus on smart city initiatives for specific countries, such as Indonesia (Dewi Rosadi et al. 2018), China (Yang and Xu 2018), and Austria (Dhungana et al. 2015). The research outlined in Dewi Rosadi et al. (2018) explored and analysed the privacy concerns within smart cities in Indonesia, highlighting the complexities of increased amounts of stored and communicated personal information that can be gathered and stored then distributed across multiple devices, services and locations. Yang and Xu (2018) examined applicable laws and regulations in the Chinese context. The authors argued that there is no functional privacy law in China that would apply to most data collected by smart city infrastructure; nor is there any law that would protect any personal data collected under this framework. Some countries (e.g. UK) have recently developed various laws that help legally protect the privacy rights of their citizens (GDPR 2019). For example, the EU General Data Protection Regulation (GDPR) provides essential guidance to achieve a fair balance between the interests of IoT providers and users. Wachter (2018) argues that GDPR standards need further specification and implementation into the design of IoT technologies.

Other legal issues such as jurisdiction, governance of data and handling consent in smart cities were highlighted by Grieman (2019). Dhungana et al. (2015) discussed cases from the Vienna smart city project outlining a number of data analytics scenarios to describe the measures adopted for secure handling of data. The study identified the following privacy and security challenges: privacy guarantees, flexibility privacy policies, anonymity, and data provenance. The project used anonymization, data aggregation, data perturbation and randomization, and cryptographic framework for data mining. It was found that the chosen solution had an impact on the public awareness and acceptability of the smart city project.

While Aldairi and Tawalbeh (2017) and Ferraz and Ferraz (2014b) focused on infrastructure security issues such as eavesdropping, theft, denial of service, information tracking, user/citizens data losses and other threats (e.g. hardware failure, software crash, environment and nature behaviour), Baig et al. (2017) presented a holistic view of the security landscape of a smart city by identifying security threats. The study argued that different components of smart cities have a number of security threats. For example, smart grids have protocol vulnerabilities, privacy, eavesdropping, and attacks on internet-connected devices. Building Automation systems have security threats such as highly trusted devices, long device lifecycle lack of source authentication, and insecure protocols. For unmanned aerial vehicles, security threats include communication interaction, communication injection, and communication jamming. For smart vehicles issues could be related to a physical threat, communication interception, data security, and DoS. For IoT sensors, security threats could include maintaining the confidentiality of data, secure communication, data management, data storage, sensor failure and remote exploitation. Finally, for cloud platform security - threats could include data leakage, malicious insider threats, insecure API, DoS, malware injection attacks, system and application vulnerabilities.

Studies have analysed many of the security threats within smart cities offering a number of potential solutions. Kitchin and Dodge (2019) suggested a wider set of systemic interventions such as security-by-design, remedial security patching and replacement, the formation of core security and computer emergency response teams, a change in procurement procedures, and continuing professional development. Srivastava et al. (2017) presented some smart solutions to safety and security which are enhanced by the use of Artificial Intelligence (AI). The solutions which are already in place in some developed smart cities are gunshot detection sensors, video surveillance and analytics, drones, and cybersecurity. However, Vattapparamban et al. (2016) argue that the use of these technologies (e.g. drones) can result in a number of technical and societal concerns regarding cybersecurity, privacy, and public safety.

While most of the studies in this area focus on privacy and security risks, Velasquez et al. (2018) argued that it is important to consider natural risks when planning smart cities. The study proposed a new architecture which includes the fundamental services that need to be preserved and prioritised within a smart city. The research undertaken by Techatassanasoontorn and Suo (2010) utilising archival and interview data found five risk categories in the municipal broadband project. The interviews were conducted with public policy experts, telecom consultants, and government officers. The following risks were identified: (1) social-political; (2) approval; (3) financial; (4) technical; (5) partnership. The study identified that some of the categories of threats such as socio-political risks have an impact on each other and argue that risk management and risk mitigation strategies are required to take a more holistic view of all threats and their interconnections instead of focusing on each type of risk separately.

3.7 Use and Adoption of Smart Services by Citizens (Success of Smart Services

A number of studies highlighted the importance of perceived security and privacy in smart cities services by citizens (Belanche-Gracia et al. 2015; Chatterjee et al. 2018; Cilliers and Flowerday 2014; Cilliers and Flowerday 2015; Van Heek et al. 2016; van Zoonen 2016). It was found that perceived security and privacy significantly affect the use and adoption of smart services by citizens. For example, Belanche-Gracia et al. (2015) investigated attitudes towards continuance relating to smartcards, user identification, access to local facilities, and payment of small fees for basic services. By using data collected from 398 individuals living in Spain and using Partial Least Square (PLS) analysis, it was found that security has a significant effect on continuance intention of smart card use. Surprisingly, it was found that privacy does not influence intention. It can be explained that the personal information appearing in the card is very limited. As a result, cardholders did not seem to be perturbed by the privacy issues related to smartcard use. By taking into account the fact that security has a positive effect on the use of smart card services, it is advised that public managers and smart card developers need to guarantee smartcard security in order to make the service useful and worthy of the use for citizens.

Some studies claim that the success of the crowdfunding project depends on the perceived trustworthiness of the crowdsourcing system (Cilliers and Flowerday 2015; Cilliers and Flowerday 2014). Cilliers and Flowerday (2015) examined the relationships between the privacy, information security and perceived trustworthiness of crowdsourcing system in a smart city. By using a survey of 361 participants from South Africa the study found a positive relationship between information security and the perceived trustworthiness of a crowdsourcing system. Thus, the privacy concerns of citizens using a crowdsourcing process can be addressed by increasing the perceived trustworthiness and the information security of the system. Another study by Cilliers and Flowerday (2014) investigated factors which mitigate information security concerns of citizens participating in a public safety-participatory crowdsourcing smart city project. Via the analysis of data from completed questionnaires, the study found that security aspects of the system such as confidentiality, integrity and availability, were raising the concerns of citizens that took part in the crowdsourcing project. These findings highlight the importance of implementing legislation and adequate technology to protect the confidentiality of citizens. Additionally, it is important to educate citizens about the relevant information security controls to help protect information integrity.

Studies differ on the extent of privacy concerns depending on the type of technologies, data usage and location. According to van Zoonen (2016) there are four areas of concern amongst people in smart cities that range from low levels (impersonal data, service purpose), to extremely high (personal data, surveillance purpose). The study explored how specific technologies (smart bin, smart parking), and data usage (predictive policing, social media monitoring) may produce various privacy concerns. Van Heek et al. (2016) focused on the location where the technology is used. By using survey data from 119 users the study found that surveillance technologies are accepted in the location where crime threat is present such as public spaces (e.g. train stations or parks); whereas, attitudes were different in relation to more private spaces as the perceived threat is deemed to be relatively low and the use of cameras or microphones is distinctly rejected.

While some of the studies just looked citizens use and adoption of smart services, Chatterjee et al. (2018) focused also on IT staff. The study argued that for successful implementation of smart cities it is important to consider the level of expertise of the internal IT staff to develop and support the smart services and citizens’ participation to use these smart services with full confidence and be less worried about security and privacy issues. By using 230 respondents living in India and PLS for data analysis it was found that experience and knowledge of IT authority significantly affect system security and privacy policy which internally affects operational efficiency and user experience which finally has an impact on adoption of IT services in smart cities. Thus, it is important to have proper training and readiness for both categories. Citizens should have proper awareness and understanding of the system while IT authority should have good training and communicate effectively with citizens.

3.8 Use of Blockchain in Smart Cities

Studies have proposed the use of blockchain technologies to solve some of the issues of privacy and security in smart cities (Mora et al. 2019; Noh and Kwon 2019; Ramos and Silva 2019). Mora et al. (2019) proposed that blockchain-based solutions should be implemented within smart cities to help reduce levels of privacy exposure while providing the user benefits such as trusted transactions and better data control. The study conducted experiments to measure the privacy exposure and quantify the number of cloud resources if IoT technology is implemented within blockchain smart contracts to validate the identity, operation and privacy of citizens. The authors argue that the adoption curve to implement blockchain in large-scale scenarios will take time due to obstacles relating to laws and societal norms. There are a number of factors that can affect the use of blockchain technologies in smart cities such as user factors, technical system factors, and legal as well as institutional factors (Noh and Kwon 2019). Ramos and Silva (2019) state that it is important to understand government processes within a political and legal framework while implementing blockchain technologies. The study argues that blockchain might not always be the best solution for data processing and that it is important mitigate some of the risks for data subjects when processing is carried out via blockchain.

3.9 Social Media and Smart Cities

Data collected from online social networks (e.g. Facebook. Instagram, LinkedIn) provides social, economic, and cultural information which can be used by government, policymakers, authorities, and commercial industries. It can help them better understand market trends and behavioural patterns which influence the individual dynamics through open data sources. However, online social networks can cause threats to privacy issues. Moustaka et al. (2019) aimed to address these issues by revealing the risks, threats and individual behaviour associated with online social networks to improve privacy, security and increase community engagement in smart cities. The study identified that the main vulnerabilities of online social networks use are the risks which threaten an individual’s identity, anonymity, personal space, privacy and communication, and security threats caused by third parties. The study states that smart city stakeholders aim to enhance protection of individuals during social networking and encourage the participation in social networks to design and implement appropriate policies which take into account stages of individual behaviour in social networks. The study proposed a relationship model tested and validated by an empirical study in the smart city of Trikala in Greece.

4 Discussion - Smart City Challenges

The advancement of smart cities throughout the world has enabled citizens to communicate with multi-levels of government, gain access to services and enhance the efficiency and effectiveness of system interaction leading to improvements in economic prosperity and quality of life (Nam and Pardo 2011; Yeh 2017). However, significant challenges remain in areas relating to privacy, security and risk from a number of stakeholder perspectives. The literature highlights how these many challenges can impact the benefits to citizens and expose vulnerabilities that could be exploited by third party organisations (Ahmed et al. 2016; Baig et al. 2017). Despite the significant opportunities and merits of IoT enabled smart environments, security and privacy are key factors that expose real threats to the secure operation of smart cities infrastructure (Ahmed et al. 2016).

The evolution of technology and transition towards an integrated digital society is likely to impact many cultural and societal aspects of daily life where the challenges of maintaining human interaction and a sense of belonging and identity, are an integral aspect of being human (Monzon 2015). The literature has presented how these factors can potentially constrain further development and jeopardise the realisation of benefits to citizens and wider stakeholders; where perhaps the interaction and human related factors are omitted (Chauhan et al. 2016; Degbelo et al. 2016). These challenges in the context of the security, privacy and risk within smart cities are outlined below:

4.1 Trust Challenges

The multidimensional nature of smart city initiatives necessitates the need for interaction with human and social capital using technological solutions as the tool to achieve smart city goals in improving the quality of life for its citizens (Monzon 2015). The concept of trust is critical within the smart city context, as the integrated design and underlying technical architecture, is heavily reliant on the efficient and secure communication of large amounts of data. New applications and services have emerged that use this data as they facilitate the communication between citizens and different levels of government. The power of GPS based tracking data, integrated with detailed personal information on shopping habits, location, personal interests, communicated via IoT based infrastructure, poses significant security and privacy concerns (Abosaq 2019; Elmaghraby and Losavio 2014). The new modes of urban governance that exist within the smart city infrastructure, expose a number of new threats to user and network data privacy and confidentiality, in the context of communication and establishing trust between devices (Cho 2012).

The tensions between the development of systems that seek to develop more effective modes of governance and efficiencies, with the potential impact on privacy and confidentiality concerns, is likely to increase. The large amount of data processed by corporate systems within smart city networks, means that organisations and governance authorities will need to balance the benefits of data analytics with individual and societal rights to maintain trust in government (Kitchin 2014). Long lasting trust is reliant on making citizens the central focus in exploiting IoT and smart city opportunities whilst recognizing that firms need to operate within the whole city ecosystem and its many heterogeneous stakeholders (Scuotto et al. 2016).

The development of smart cities can potentially reinforce existing social inequalities and societal bias rather than breaking down these barriers to greater inclusion and integration (Datta 2015). Although the smart city of the near future should be able to achieve significant benefits by seamlessly connecting between both the material and digital world (Nam and Pardo 2011), there exists the risk that this may also effectively disenfranchise sectors of the population that either cannot, or do not wish to interact with the smart city digital infrastructure. This digital disenfranchisement is likely to impact specific demographics who may have concerns over privacy, security or a reticence to engage with new processes and systems, citing security or personal data risks (Joss 2018). There is a risk that smart city initiatives perhaps serve the needs of the technologically astute, the wealthy and effectively institute control and regulation on citizens, particularly those in the periphery of society and social class, less educated in many of the safety and security complexities (Gil-Garcia 2012; Kitchin 2016).

4.2 Operational and Transition Challenges

Few cities throughout the world are designed and developed from the ground up to be smart. The reality is that for many cities throughout the world the key challenge is to develop a managed and strategic transition to smart capability whilst minimising disruption for existing stakeholders and mitigating threats to system integrity and data security. The smart city initiatives within Hong Kong illustrate these complexities where the rapid changes to infrastructure to develop smart buildings are effectively constructed over local ecosystems and are not designed to integrate with the wider bio-region to benefit the whole city (Cugurullo 2018). The implications for the rapid pace of development of smart cities throughout the world indicates the crucial role for case study based research to develop a reflection based narrative (Kitchin 2015). The Brussels case study within Walravens (2015), analyses the mobile technological challenges in the context of platform complexities, highlighting the criticality of including a user perspective when developing new tools and applications. The transitional complexities experienced by the city of Ghent in Belgium where the move to smart based processes was deemed to be problematic, indicates the importance of ambition and leadership driven change (Van den Bergh and Viaene 2015). The issues relating to security and privacy can all too often be side-lined where poor governance has led to inadequate risk assessment of the threats to the operation of the smart city.

The underlying threat of Smart technologies should be viewed from a social and political perspective that reflects the aims and biases of system designers. The one size fits all technologically focussed approach generally applied to smart city initiatives, fails to recognise that solutions are contingent on a number of human centred factors such as: cultural context, history and sense of place (Kitchin 2015). These factors could effectively be “designed in” for new blank canvas smart city developments such as Masdar in Abu Dhabi. However, the adaptation of existing city infrastructure for smart initiatives is problematic leading to increased threats to the security, privacy and sustainability of operations (Awad et al. 2019; Cugurullo 2018). The increasing complexity of interconnected systems poses significant challenges to designing and developing smart city capability that offers robust operational infrastructure (Kitchin 2014). The reality of retrofitting smart cities initiatives effectively integrating the concepts of cities and digital systems, each distinctly highly complex with contingent systems, then binding them together to create environments inherently prone to security vulnerabilities, is a significant challenge and risk to operational capability (Kitchin and Dodge 2011; Townsend 2013).

4.3 Technological Challenges

The significant developments within wireless and sensor-based technologies has paved the way for the widespread deployment of IoT based technologies within smart city environments (Ahmed et al. 2016). The operation of the smart city requires the integration of key technologies such as: IoT, big data, sensors, machine learning and GPS based applications, all of which raise significant threats to the security and integrity of citizen related data. Systems are required to be technologically rigorous with adequate security mechanisms to prevent data breaches and expose vulnerabilities. The significant risks and inherent complexities of data acquisition, storage and transmission from smart city infrastructure such as: smart grids, building automation systems, Unmanned Aerial Vehicles (UAV) and Electric Vehicles (EVs), remain largely unaddressed (Baig et al. 2017). Smart city network architectures are likely to need to cater for the ever-increasing volumes of data from a heterogeneous set of interaction devices, sensors and systems (Silva et al. 2018). The low quality and somewhat disparate nature of smart city data can be detrimental to the effectiveness and accuracy of critical systems. These factors pose additional risk in the context of large-scale deployment of multi-vendor systems and devices with state of the art technologies (Barnaghi et al. 2015; Nam and Pardo 2011).

The limited number of case studies that have explored some of the key factors relating to risks associated with privacy and security within smart cities, highlights the threats from poorly defined roles and responsibilities of different parties, lack of common understanding of key security requirements not shared between parties, flexibility of privacy policies, anonymity, and data provenance as key factors (Dhungana et al. 2015; Vitunskaite et al. 2019). The movement of citizens around the smart city will trigger sensors and network devices that will communicate data about their location, habits and activities as users interact with mobile applications and interact with the smart city infrastructure. However, catering for privacy aspects within the smart city context seems to be a significant technological challenge to designers and system builders. Systems that protect privacy should be closely aligned with continuous security requirements where implementation is essential for trust and wellbeing within smart cities (Elmaghraby and Losavio 2014).

The smart city discourse has tended to distil the concept, generally to a set of issues where cities can use technology to ensure crime is reduced, traffic is more efficient and environmentally friendly, reduced energy consumption, and people lead more healthy and fulfilled lives. However, as highlighted in Kitchin (2016), the technology seems to be the starting point rather than a mechanism to address problems and deliver benefits to city stakeholders. The use of technology is viewed as being of central importance to smart cities but the integration of ICT into urban infrastructure alone - does not make the city smart if the human and social capital as well as wider economic policy and management of urban development are not factored in (Caragliu et al. 2009; Hollands 2008; Kitchin 2014). The realities of smart city initiatives that effectively create innovation ecosystems enabling citizens and communities to interact with public authorities and knowledge developers, highlights that “people rather than technology are the true actors of urban “smartness” (Oliveira and Campolargo 2015). The debate around the underlying human centred factors indicates that in the context of security and privacy within the smart city, the critical emphasis should be one that assesses the benefits and risks from the people perspective when deciding outcomes.

4.4 Sustainability Challenges

Although studies have criticised smart and eco focused city initiatives for the fragmented nature of their sustainable urban development in Hong Kong and Masdar City within Abu Dhabi (Cugurullo 2018), the smart city can offer the potential to integrate low carbon transport infrastructure to deliver the flexible mobility needs of citizens. The digitization of many aspects of smart city management offers significant opportunities within an IoT-enabled waste management infrastructure for the efficient collection, transportation and recycling of materials (Anagnostopoulos et al. 2017). Smart environments are likely to deliver significant innovation and respond to the challenges of greater urbanization with an increased focus on sustainability, energy distribution, mobility, health and security (Klein and Kaefer 2008). The increasing use of technology to advance sustainability and manage natural resources, has the potential to make a significant impact on the quality of life for citizens, whilst aligning with the ethical demands of modern society (Chourabi et al. 2012; Höjer and Wangel 2015).

One of the challenges for sustainability initiatives within smart cities is the need to take account of the human behaviours and motivation of citizens. The Singapore case study analysed in Bhati et al. (2017), highlights the criticality of citizens feelings of safety and security, asserting that these factors must be formally managed before citizens can focus on sustainability initiatives. Citizen quality of life and sense of community are interrelated with sustainability and economic growth, where wise management of economic resources, focus on smart mobility and analysis of how people actually live, is key for a sustained change in behaviours (Bifulco et al. 2016; Lee et al. 2014). The concept of the smart community is based on the convergence of citizens with smart homes and buildings, water and waste management systems to maximise the benefits of the smart city in the optimisation of energy consumption, and reduction of carbon emissions (Silva et al. 2018).

The management of many aspects of sustainability initiatives within smart cities via complex IoT focussed technology, exposes organisations to the threats from failure due to natural disasters but also through network unavailability and breaches of security. Designing for smart city sustainability includes rapid recovery strategies to overcome failure and to revert the city operations back to normal with minimal cost and impact on operational efficiency (Silva et al. 2018).

4.5 Smart City Interaction Framework

The framework presented in Fig. 3 highlights the numerous interdependencies between the many identified factors and challenges within smart cities and integrates these into a single model.

Fig. 3
figure 3

Smart cities security & privacy framework

The framework details the impact of the key challenges on the various operational functions within the smart city and contextualises the interaction with key factors such as services and mobility from the stakeholder perspective. The complexities inherent within privacy, security and risk within smart cities are represented across all aspects of the model. These aspects are integral to smart city operations requiring effective processes and procedures at all levels of transactions and interactions with the smart city infrastructure.

The key challenges for smart cities namely trust, operational and transitional, technological and sustainability are outlined in the framework, signifying the pressure on smart city designers and integrators to retain focus on these elements. The key challenge of engendering trust from citizens is integral to expanding operational reach and effective interaction from smart city systems and infrastructure. Without trust from all stakeholder levels, citizens will be reticent to interact with smart city systems and interfaces. Feelings of digital disenfranchisement and reticence to interact can be manifestations of low levels of trust where citizens have concerns on security or perception of threats relating to personal data integrity (Joss 2018).

The identified smart city factors within the framework namely: services, mobility, standards and protocols, law and regulation, wellbeing, quality of life and governance, are derived from the identified themes and literature review. Each represent the range of factors that need to be in place for the smart city to function effectively. The key stakeholders - citizens, government and organisations, highlights the significant reliance on the human factors and their interaction for the successful operations of smart cities (Kitchin 2015; Scuotto et al. 2016). As cities adopt greater levels of smart capability, the significant challenges as outlined remain. The impact on the lives and wellbeing of citizens is significant, therefore, the success of smart cities and challenge for authorities is the building of trust through privacy and security initiatives. The threats to operational effectiveness of smart cities are numerous and are dependent on many aspects of security policy, education and effectively managing the balance between openness and acceptable levels of intrusion and security. These areas are ongoing challenges for future smart city initiatives.

Based on the discussion above and presented framework (Fig. 3) the following is proposed, which could serve as a basis for future empirical research to validate the proposed framework:

Proposition 1

Solving the many technological and sustainability challenges can significantly influence adoption and reduce the risk of operational and citizen interaction issues within smart cities. The inherent risks and complexities associated with smart city infrastructure with its use of smart grids, building automation systems and IoT interaction devices ( Baig et al. 2017; Silva et al. 2018), integrated with large scale, leading edge technology deployment, pose numerous issues for smart city designers and operators (Barnaghi et al. 2015; Nam and Pardo 2011). The success of smart cities is reliant on the interaction from citizens and wider stakeholders (Oliveira and Campolargo 2015), but success is very much dependent on design approaches, operational efficiency, and the human centred approach to assessing benefits. The increasing ethical demands of modern society has greatly impacted how people view smart environments and risks relating to sustainability and wider aspects of society (Chourabi et al. 2012; Höjer and Wangel 2015). Greater adoption of the many changes resulting from smart cities is directly related to a deeper analysis and understanding of how people live and work (Bifulco et al. 2016; Lee et al. 2014), where smart community and smart mobility are integrated with the overall city infrastructure.

Proposition 2

Increasing focus on the many issues related to the privacy and security elements of smart city infrastructure, will engender greater levels of trust in smart city operations and smart city system interaction. Factors relating to trust are critical to the success of smart cities and are reliant on the effective management and communication of data. The significant levels of data communicated via IoT based infrastructure, pose significant security and privacy concerns in the minds of citizens (Abosaq 2019; Elmaghraby and Losavio 2014), especially for those demographics that exhibit high levels of reticence to interact with technology (Joss 2018). Designers of smart cities are advised to focus on these factors as they balance the needs of citizen concerns relating to privacy and security with greater access to personal data.

Proposition 3

The move from existing traditional infrastructure to one encompassing smart city initiatives, poses significant risk to designers and planners unless sufficient focus is maintained on the human related transition factors. The reality that most smart city projects are effectively a retro-fit of smart initiatives within an existing infrastructure, highlights the criticality of ensuring a key stakeholder perspective when developing new smart systems and levels of interaction. The singular technologically focussed approach generally applied to smart city initiatives, fails to recognise that solutions are contingent on a number of human centred factors (Kitchin 2015), where the adaptation of existing city infrastructure can increase the risk to the security, privacy and sustainability of operations (Awad et al. 2019; Cugurullo 2018). The cultural and societal shift required to transition stakeholders to new smart city operations should not be underestimated.

5 Conclusion

This study provides a theoretical review of the smart city literature, focussing on the many threats relating to privacy and security, and how these can impact the operation of smart city processes. A number of emergent themes and significant challenges have been discussed to provide a valuable synthesis of the key factors relating to privacy and security threats within the smart cities literature. We posit this study as a comprehensive and relevant information framework for academics and practitioners analysing the many complexities and issues surrounding smart cities. As a result of the literature review, discussion and developed framework, a number of propositions were developed.

The analysis of the existing literature highlights that generally, studies seem to be lacking quantitative and also qualitative data on the adoption of smart cities. Some studies do include a case element to their research, but the recycling of lessons learned into new smart city initiatives, seems to be a key gap in the literature. The vulnerability of smart city infrastructure to data theft, unauthorised data access, system breaches, virus-based attacks and other threats to operational integrity, are likely to be ongoing as more cities transition to smart capability. The critical factors relating to technical and security governance of smart cities are key factors relating to operational integrity and citizen trust within the smart city infrastructure. Breaches of security that jeopardise data privacy are likely to severely impact citizen engagement and overall trust in smart city systems and services.

The greater focus on sustainability within the smart city infrastructure is likely to impact provision of services, transportation, eating habits and consumerism. The wellbeing and quality of life factors are directly related to these areas as citizens interact with new initiatives and adhere to changes that reduce emissions and reduce our carbon footprint. The links between feelings of safety and security and greater willingness for citizens to transition toward sustainability initiatives, could act as key drivers for smart city authorities to build in these aspects at an early stage.

The ongoing use of technology to provide the infrastructure and interaction that can deliver services to citizens, whilst offering new innovative platforms and systems many of which are available via mobile devices, risks disenfranchising key sectors of the population. The fast pace of technology that can delivery new and exciting ways to interact with healthcare providers, banks insurance companies, utility providers and transport operators, is likely to be a barrier for adoption for older demographics that do not share the same feelings of trust and enthusiasm from younger more technically aware population groups. The challenge for smart city designers and planners as innovations such as blockchain based systems and greater use of AI become integral to system architectures, is to maintain humans in the loop to engender the required levels of trust in security and privacy from citizens.

6 Limitations and Future Research Directions

This study is somewhat limited due to the focus on security and privacy that perhaps may exclude a number of the human-centred factors that may impact the further adoption of smart cities. Further research is recommended to better illustrate the “lived in” experience of smart cities from the citizen perspective to quantify the many interaction and day to day operational complexities to engender greater levels of trust from the population. Furthermore, the current study considered only technological solutions to improve security, privacy, and operational threats. However, city infrastructure also includes legal and institutional dimensions. Future research should consider how the legal system can be used to solve trust challenges within smart cities. Additionally, it is advised that future research should focus on solving identified challenges of smart cities (trust challenges namely trust challenges, operational and transition challenges, technological challenges and sustainability challenges), which will greatly benefit further smart city initiatives.

More research is needed on the use of blockchain in smart cities. It is important that new government and industry regulations are developed with help to avoid disputes among the transacting parties (Krawiec et al. 2016). Additionally, it is important to consider the cost of deploying and operating a blockchain-based system within smart cities. Thus, it is important to perform a targeted pilot in order to test the potential cost of a blockchain-based smart city system (Xie et al. 2019), as well as to evaluate holistic models of societal value co-creation that consider thorough cost-benefit analysis to enable sound decision-making by government.

More research is required on smart cities’ complex institutional and technological environments (Gupta et al. 2020). Future studies could explore the role of leadership and orchestration, which manifested through openness, diffusion, and shared vision in smart city ecosystems (Gupta et al. 2020).

The substantial advances in smart city technological infrastructure have provided for many examples of smart city implementations. However, in order to ensure that benefits can be gained at a local level, as well as at a level that transcends the local community to embrace regional, national, and global dimensions. The current issues around heterogeneity, and lack of communication protocol and standardisation, and the mostly proprietary and close nature of such infrastructure, which currently prevent different ‘smart cities’ to communicate, need to be resolved (Allam and Jones 2020). A globally interconnected, transparent network of smart cities, and democratised access to the infrastructure could be a critical tool in tackling global health issues, such as virus outbreak (as in the case of the COVID-19 pandemic) by greatly enabling real-time and globally coordinated urban health management by access to, and monitoring of, a large number of critical sensory outputs. This line of thinking can also be extended to other global issues such as pollution and environmental monitoring, whereby a communicating network of smart cities would provide a step-change in the predictive ability of environmental models, with evident benefits for city dwellers, proactive policy development at regional, national and international levels (with regulatory, legal, economic and wider research implications that will inevitably accompany them), with the design and adoption of countermeasures at scale. The future research could also explore and learn from the successful adoption of information technology enabled citizen-centric services (e.g. Alryalat et al. 2015; Chatterjee and Kar 2018; Chaudrie and Dwivedi 2005; Dwivedi and Williams 2008; Dwivedi et al. 2007, 2017; Kapoor et al. 2014; Rana and Dwivedi 2015; Rana et al. 2013a2013b2013c2013d2015a2015b2015c2016, 2017; Weerakkody et al. 200720092017) and other IS success/failure projects (e.g. Hughes et al. 20162017a2017b2020) for the proposed smart cities in India.