UNIVERSITY OF CALGARY
UCalgary researchers hope to make Canadian communities cybersafe

Cybersecurity is an issue that municipalities need to take seriously, experts at the University of Calgary and across the country believe.

According to Statistics Canada, nearly one-in-six Canadian businesses were impacted by cybersecurity incidents in 2023.

While a specific number hasn't been reported for municipalities, it paints a picture of the threat facing communities of all sizes as the technological evolution forges ahead.

Three researchers - Drs. Lorenzo De Carli and Hadis Karimipour in the Schulich School of Engineering, and Dr. Rei Safavi-Naeini in the Faculty of Science, all PhDs - are collaborating with colleagues at Toronto Metropolitan University, Concordia University, and Dalhousie University to build secure, privacy-preserving smart infrastructure for Canadian cities.

"Ultimately, it's about reframing cybersecurity as essential public infrastructure and not just an IT upgrade," De Carli says. "When cybersecurity is seen not as a cost but as a cost-avoidance strategy, the mindset shift follows, and we get successful buy-in."

The team is leading a major national initiative - "Securing Smart Environments" - which has received nearly $4 million in funding over four years from the Volt-Age Canada First Research Excellence Fund (CFREF) Impact Grant.

A growing disconnect

Municipalities let cybersecurity slide until their systems have been compromised, the team says.

Meantime, new technology for automated transit, AI-enabled services, and sensor networks is being brought on stream without safeguards in place to avoid attacks.

"The greatest challenge is that our cities are getting smarter, but not necessarily safer," says Karimipour. "We are facing the growing disconnect between digital innovation and digital resilience."

She says a survey of Canadian municipalities found 49 per cent identified replacing legacy systems as a top technology challenge as they weren't designed with cybersecurity in mind, creating persistent vulnerability hotspots.

Karimipour says it's only getting more challenging for local governments with further development of quantum computers.

Striving for resilient tech

The solution is in the research team's focus.

Using new technology like AI and cryptography, they are looking to develop practical, interoperable cybersecurity and privacy solutions for digital urban infrastructure, including those still relying on older systems.

Safavi-Naeini says they are working with municipalities and stakeholders like the City of Calgary to develop and test their range of innovations.

"We want to ensure that each tool is not only technologically advanced, but also aligned with real-world governance, procurement and operational constraints," she says. "The goal is to provide cities with future-ready cybersecurity capabilities that evolve alongside their infrastructure."

While it might cost more up-front to pay for secure public infrastructure, Safavi-Naeini says it costs even more when systems are hacked or shut down, like the attack on the Calgary Public Library nearly a year ago.

De Carli says they are opening the eyes of communities while making them more resilient, safer and empowered to manage their cyber risks proactively.

"The ultimate indicator isn't just the number of systems protected, but whether communities emerge better equipped to anticipate, withstand, and recover from cyber threats," he says. "If our work results in even one city averting a major disruption or privacy breach, that's impact."

By the time the funding term is complete in four years, the team is hoping to work with a handful of municipalities with a total population of more than a million people, while targeting a 50 per cent reduction in incident detection and response times.