by Lorena Volpini, Carmela Occhipinti (CyberEthics Lab)

Imagine a busy city powered by cutting-edge technology driven by sustainability. But what if the focus on technology overlooks the human element? Technological advancements offer exciting possibilities for creating sustainable and efficient smart cities. However, focusing solely on technical solutions can overlook a crucial element: the human factor. Cybersecurity projects, essential for protecting these advancements, often prioritise technical-first approaches. This can create a blind spot, neglecting how society might perceive and react to these innovations. The Horizon 2020 project “IRIS – artificial Intelligence threat Reporting and Incident response System” [L1] recognises this challenge. It emphasises that robust cybersecurity goes beyond information security. It’s also about building trust and fostering social acceptance for these technologies within smart cities.

As the smart city landscape expands to include more Internet of Things (IoT) and Artificial Intelligence (AI)-enabled platforms, the challenges associated with threat intelligence increase in both complexity and novelty. These include identifying attack vectors, responding effectively and facilitating the secure sharing of relevant data – all specific to these emerging technologies. To address these growing threats, the IRIS project envisions a centralised platform designed specifically for Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs). The IRIS platform is designed and developed to enable them to assess, detect and respond to threats and vulnerabilities targeting IoT and AI-driven ICT systems, while also facilitating information sharing. With the aim of strengthening European CERTs/CSIRTs capabilities, IRIS enables them to minimise the impact of cybersecurity and privacy risks in smart cities. To ensure the effectiveness of the IRIS platform, extensive demonstrations and validations have been conducted in highly realistic environments involving three European smart cities, Helsinki, Tallinn and Barcelona, their CERTs/CSIRTs and associated cybersecurity authorities. The IRIS project started in September 2021 and it is expected to be completed in August 2024.

By recognising the social implications of cybersecurity in smart cities, the IRIS project looks at two crucial dimensions. Firstly, it recognises that robust cybersecurity can actually unlock the potential of smart city services. By fostering trust and security, it becomes a hidden enabler of social acceptance of smart cities. Secondly, IRIS acknowledges that cybersecurity in smart cities is a double-edged sword. While it protects vital infrastructure, it also interacts with a public consciousness that is still incipient. Think of it this way: without a clear understanding of how these systems work and why, society might naturally mistrust the unfamiliar.

Without careful planning, a lack of stakeholder engagement in the process may lead to dissatisfaction and resistance to innovation designed to improve city life. IRIS goes beyond simply securing smart city services and infrastructure; it seeks to reconcile security with the broader vision of a resilient, user-centred, cross-border cybersecurity system fully integrated to the urban future.

IRIS focuses on two key aspects of social acceptance of technology innovation in smart cities. Firstly, it considers how society might react to these innovations, and secondly, how organisations responsible for cybersecurity (like CERTs and CSIRTs) might adopt or reject them. While these aspects are connected, understanding the society’s response can be tricky. Public reactions are complex and can’t always be easily measured. This can be frustrating in research, where scientists often prefer clear-cut results. Social science research, which explores these nuanced reactions, can sometimes seem less useful because it doesn't provide simple answers.

To address these challenges, IRIS uses a special evaluation method called Social Acceptance of Technology (SAT) [1] developed by the R&D department of CyberEthics Lab. [L2]. SAT helps researchers assess acceptance in a way that works better with the research and development process. It does this by focusing on two things:
1. Four key factors that influence acceptance: These factors, displayed as four coloured “bubbles” in Figure 1, include user experience, social disruptiveness, value impact, and perceived trustworthiness. SAT recognises that these factors don't have simple cause-and-effect relationships, but they are significant since they all focus on the co-constitutive bond of the “society and technology” relation [2].
2.  The specific context: SAT also considers the specific reasons why users and organisations might accept or reject a technology. This helps researchers understand the “why” behind the “yes” or “no”.

Figure 1:- Social Acceptance of Technology (SAT) assessment model.
Figure 1:- Social Acceptance of Technology (SAT) assessment model.

While the main purpose of SAT in IRIS is to evaluate project demonstrations, it also helps improve the design of these innovations. On the one hand it urges designers and developers to think of the human factor in a novel way. IRIS Technology innovation was conceived and designed to be used by CERT and CSIRTs but, as a matter of fact, it is applied to smart transport and smart grid. SAT helps innovators to focus not just on intended end users, but also all those social actors involved in smart transport and energy distribution, who have interest in the innovation at hand or may be affected by it. By incorporating SAT testing early in the development process, innovations can be adapted to better align with people's values and expectations. This proactive approach can lead to more socially responsible and cost-effective solutions.

Ultimately, SAT aims to analyse the perceptions of various stakeholders. This allows researchers to infer how acceptable an IRIS solution might be overall. However, this “collective judgement” can change over time and across different regions. The good news is that by working together and discussing these findings, IRIS partners can use this feedback to guide further development. In the IRIS project, SAT proved to be a valuable tool for gathering feedback and building innovations that are both responsible and sustainable. It also helped to promote engagement and awareness among stakeholders.
“This document is part of a project that has received funding from the European Union's Horizon 2020 research and innovation programme under Grant Agreement No. 101021727.”


[1] C. Occhipinti,, et al., “Sat: a methodology to assess the social acceptance of innovative AI-based technologies,” Journal of Information, Communication and Ethics in Society, 1, 2022 (in press).
[2] G. Tabourdeau, and C. Grange, “From user acceptance to social acceptance,” in Proc. of the 19th Annual Pre-ICIS Workshop on HCI Research in MIS, Virtual Conference, December 12th 2020.

Please contact: 
Lorena Volpini, CyberEthics Lab., Italy
This email address is being protected from spambots. You need JavaScript enabled to view it.

Next issue: October 2024
Special theme:
Software Security
Call for the next issue
Image ERCIM News 138
This issue in pdf


Image ERCIM News 138 epub
This issue in ePub format

Get the latest issue to your desktop
RSS Feed