Comparative assessment of cyber-physical threats to megacities

By 2030, forecasts suggest that urban areas will house 60 percent of the world’s population and one in every three people will live in cities with at least half a million inhabitants. Within the same time frame, the number of global megacities is expected to jump from 33 today to 43 in 2030 [1]. Underpinning these large urban areas will be an interconnected network of critical physical infrastructures reliant on Internet-connected Industrial Control Systems and susceptible to increasingly sophisticated, e.g., AI-enabled, cyber threats. In hand, the cyber threat landscape is shifting rapidly. We are seeing a sharp rise in the number of cyberattacks on critical infrastructure [2] with significant impacts cascading across multiple sectors and causing disruption to the provisioning of essential goods and services. Security scholars suggest that these impacts are not always equitable and that disruption to critical infrastructure can affect vulnerable groups differently [3], which further emphasizes the need to improve cybersecurity between critical infrastructure sectors [4]. Through structured analysis of city statistics, demographic information, cyber incidents, and current cyber policy, our presentation will articulate potential social implications of megacity growth through the lens of cyber-physical infrastructure disruption. We investigate the largest 15 megacities in the world and find that megacities continue to grow in population but not in cyber policy. We highlight recent examples of cyber-physical disruption in Mumbai and New York City with focus on implications for vulnerable populations. Our work suggests the need for future research on social responsibility regarding security of these critical infrastructure sectors and on the need for technology-focused law, policy, and regulation guidelines.