Building Smarter Cities

Learn how the growth of the Internet of Things (IoT) market is driving up the expectations of decision makers throughout local, state and federal government in this comprehensive research brief from CompTIA.

  • Discover how some 172 personnel who make spending decisions for agencies and departments across America are influenced, both positively and negatively, by their outlook for the IoT.
  • Learn what city managers need to know about how networked devices, the cloud, artificial intelligence and robotics will interact throughout city infrastructure before they can evaluate bids or proposals.
  • Find out how government leaders expect IoT technologies to drive revenue and improve their prospects for attracting businesses and investments.

How will these influential decision makers learn what they need to know about information technology (IT) to make smarter choices about how they can make their cities smarter? This is where you play a role — where you provide your expertise and skill to improve people’s quality of life. Download this research brief now and learn about the roles you can play and how information technology can help in making cities smarter through the Internet of Things.

The content you requested is available to CompTIA Registered Users and CompTIA Premier Members.

If you are a Registered User or a Premier Member, please sign in:

Register now. It’s free!

Registration will provide you with a customized experience and give you instant access to hundreds of CompTIA research reports, guides and tools. Anyone can create an account.

Learn more about registration

Registered User Signup

Contact Info:

Registered Users will receive periodic information from CompTIA about relevant IT resources and insights.

Privacy Statement

CompTIA's Commitment to Privacy

Your privacy is important to us. To better protect your privacy, CompTIA, Inc. (hereinafter referred to as "CompTIA", "we" or "us") provide this notice explaining our online information practices on and other Web sites or applications that may link to this Privacy Statement and the choices you can make about the way your personal data is collected, used and disclosed.

  1. The Personal Data We Collect

    Personal data means any information relating to an identified or identifiable natural person ("Personal Data"). This notice applies to all Personal Data collected or submitted on our Web site. On some pages, you can order products, services, make requests, apply for membership, participate in surveys, or register for events, seminars or conferences.

    The types of Personal Data collected in this context directly from you may include your:

    • Name,
    • Private and business addresses,
    • Private and business email addresses,
    • Private and business phone numbers,
    • Occupation,
    • Title,
    • Other contact information,
    • Gender,
    • Date of birth,
    • Credit/debit card information,
    • The nature of your inquiry or comment,
    • Business profile information for membership application,
    • Order history and purchase behaviour,
    • Confirmation of attendance for events or meetings,
    • Certification verification requests,
    • Information in texts you entered in connection with exams and surveys,
    • Exam and survey result information, or
    • Other types of feedback and information when needed to provide a product or service you requested.

    We may also collect your Personal Data from your use of our website. This information includes:

    • Web behaviour using, but not limited to, internal cookies, third party cookies, and social plugins, that track on and between all CompTIA sites: browsing activity, document downloads, form submissions and other behaviour on CompTIA affiliated sites.

    We may also collect your Personal Data from third parties, such as marketing providers. This information may include your:

    • Name
    • Personal and Business address
    • Personal and Business email address
    • Business phone number
    • Company and/or Educational Institution
    • Date of birth
  2. How CompTIA Uses your Personal Data

    We process your Personal Data only on a sufficient legal basis according to the applicable data protection laws. The legal basis can be one of the following:

    • To fulfil our contractual obligations towards you; this is the case, for instance, where we: conduct your exams and surveys and calculate the respective results; perform the member programs; manage the customer accounts;
    • Your consent; this is the case, for instance, where we send direct marketing information by electronic communication to you; track your web behaviour; give you access to benefits on third party websites;
    • Legitimate interests; this is the case, for instance, where we send you direct marketing information by other means than electronic communication; or
    • To comply with our legal obligations.

    Where the processing is based on consent you may withdraw your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal. You can do so by contacting us using the contact details set forth below.

    Except where your Personal Data are processed by us to comply with a statutory or contractual obligation, you are not obliged to provide Your Personal Data. However, if you refuse to provide your Personal Data, it may not be possible for us to provide you with the services available on our Web site.

    We use the Personal Data you submit or otherwise provide about yourself on our Web site for the following purposes:

    • To complete your request or order;
    • To respond to inquiries and to confirm orders or registrations;
    • To perform our services to you and to administer our contractual relationship with you, such as calculating and providing the results of exams and surveys, and performing the member programs;
    • To manage your accounts;
    • To provide you with updates and other information that we think may be of interest to you;
    • To perform statistical analyses; and
    • To send you news, announcements and other marketing and promotional communications.
  3. Disclosure of personal data

    CompTIA discloses your Personal Data to other CompTIA entities and to third parties.

    If you have not given your explicit consent to do so, we do not disclose the Personal Data you submit or otherwise provide about yourself on our Web site to any third parties besides other CompTIA entities, unless it is necessary to complete your request or order or it is necessary to provide a product or service to you which you have ordered. We will also disclose such Personal Data to third parties if it is necessary to protect our rights or property or if it is required or authorized by law.

    We disclose your Personal Data to service providers for marketing automation, process automation, lead capture statistical analysis, research, affinity programs, training and exam delivery and certification management and fulfilment. A full list of the service providers is available upon request.

    We disclose your Personal Data to our business partners for promotion, marketing, and networking. A full list of our business partners is available upon request.

    We also disclose your Personal Data to CompTIA affiliates for list purposes, e.g. administration. A full list of the affiliates is available upon request.

    However, except as noted in this Privacy Statement, your Personal Data are not used for any other purposes and are not disclosed to any other third parties.

    We use non-identifying and aggregate information to better design our Web site and to disclose to advertisers. For example, we may tell an advertiser that a certain number of individuals visited a certain area on our Web site, or that certain number of men and certain number of women filled out our registration form, but we would not disclose anything that could be used to identify those individuals, except as noted in this Privacy Statement.

  4. International Data Transfer

    CompTIA might disclose your Personal Data to entities in other countries as needed to conduct business. This means that the Personal Data may be sent to countries that are located outside the European Economic Area ("EEA") such as the US. We have put in place appropriate safeguards in accordance with the legal requirements to ensure compliance with EU data protection regulations. For more information about the safeguards which are put in place, please contact us at the contact information set forth below.

  5. How we secure your data

    CompTIA takes reasonable administrative, technical and physical precautions to protect your Personal Data from accidental or unlawful loss, misuse, unauthorized access, disclosure, alteration, destruction and other unlawful forms of processing. Authorized individuals having access to your Personal Data must respect the confidentiality of your Personal Data.

    Your Personal Data will be stored only for the time they are needed for the purposes they have been collected and processed for and deleted afterwards. For marketing purposes we only retain your Personal Data for six months unless you have agreed otherwise.

  6. Your Rights

    Where the Regulation (EU) 2016/679 (General Data Protection Regulation) or similar legal requirements apply to the processing you may exercise the following rights: The right to access the Personal Data; the right to rectification; the right to erasure; the right to restriction of the processing, the right to objection of the processing and the right to data portability. If you wish to exercise your rights, please contact us by using the contact information set forth below.

    You can also lodge a complaint with your competent data protection authority or privacy regulator.

  7. How To Access or Update Your Personal Data

    You can access or change your Personal Data that we collect online and maintain. If you are a certification candidate or alumnus, please visit and select My Account.  To do so, as a corporate member or registered user, log in to the member's area of with your corporate ID number email address and password. If you cannot remember your corporate ID or password, contact us as set forth below. If you are an AITP member, please visit and click Login.  In all cases, if you've forgotten your password, please click the ‘Forgot Password' link on each site.

  8. Links

    Our Web site may contain links to other Web sites. Please be aware that this Privacy Statement does not apply to such linked sites nor is CompTIA responsible for the content or privacy practices of such linked sites.

  9. “Cookies”

    Like most Web sites, CompTIA uses “cookies” for several legitimate purposes. These include remembering IDs and passwords, tracking user traffic patterns, and differentiating between repeat and new users. It is CompTIA's policy that data generated by cookies will be used for internal purposes only and to improve our Web site and site-related services.

  10. Amendments

    CompTIA may amend this Privacy Statement from time to time. Any such amendments will be posted on our Web site.

    We will inform you if we intend to further process your Personal Data for compatible purposes other than those for which your Personal Data originally have been collected for by providing you the required information on that processing. The information will be provided in advance to you to consider and potentially exercise your rights on that further processing. Prior information is further provided for changes that have a fundamental impact to the nature of the processing.

  11. How to Contact Us

    If you have any inquiries or complaints regarding this Privacy Statement, you may contact our Data Protection Officer:

    Courtney Fong
    Chief Legal Officer and Chief Privacy Officer
    3500 Lacey Road, Suite 100
    Downers Grove, IL 60515
    +44 233181856

    Effective: 25 May 2018

CompTIA Website Terms of Use

The provisions set forth below (the "Agreement") state the terms and conditions that govern your use of the website located at (the "Website") and the services and materials offered thereon (the "Services and Materials") by The Computing Technology Industry Association, Inc. ("CompTIA").

PLEASE READ THIS AGREEMENT CAREFULLY. BY USING THIS WEBSITE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. If you do not agree to be bound by the terms of this Agreement, please discontinue your use of the Website immediately.

1. Copyright. Unless otherwise indicated, the copyright in the content of this Website, including the screens displayed on the website, is owned by CompTIA. You may not modify, copy, reproduce, republish, upload, post, transmit, publicly display, prepare derivative works based on, or distribute in any way any portion of the Website, including but not limited to the code and software underlying the Website.

2. Warning. CompTIA may, in its sole discretion, modify or discontinue the information and materials contained in this Website (including the terms, conditions, and descriptions that appear herein) and any other aspect of the Website at any time without prior notice and without liability. Services and products offered on the Website are not necessarily available in all geographic areas. Your eligibility to obtain particular services and products is subject to the final determination of CompTIA.

3. Purpose of Website. The information contained in this Website is for informational purposes only. Such information is not intended to replace, and should not be interpreted or relied upon as professional advice from CompTIA, whether legal or otherwise. Accordingly, please consult with your own professional experts for all advice concerning legal matters, human resource matters, and the like that may be discussed on this Website.

4. Usage. The Website is accessible to you through a computer or other access device. Its content may include information, editorial content, chat rooms, and links to other websites. You are responsible for all charges associated with accessing the Web Site.

5. Access to Certain Portions of the Website. Access to certain portions of the Website is restricted to members of CompTIA, holders of certain CompTIA certifications, and others. To become eligible to access any such portions of the Website, you may be required to give CompTIA certain information. You agree to provide true, accurate, and complete information and to update this information when it changes. If you provide any information that is untrue, inaccurate, outdated, incomplete, or misleading, or if CompTIA suspects that you have provided any untrue, inaccurate, outdated, incomplete, or misleading information, CompTIA may, in its sole discretion, suspend or terminate your membership, certification status, and/or right to access all or part of this Website. If CompTIA assigns you a user ID and/or password to enable you to access restricted portions of the Website, you are solely responsible for maintaining the confidentiality of your ID, password, and other account information. You will be responsible for all usages of the Website made with your user ID and or password. You agree that you will notify CompTIA immediately of any unauthorized use of your password, user ID, or account, or any other breach of security. You agree that you will log off of the Website immediately when you are finished using it in order to prevent fraud by unauthorized persons.

6. Restrictions on Usage. As a condition to your right to use the Website, you will not: (a) engage in any activity that disables the Website or otherwise impedes its operation or limits its availability to others; (b) alter in any way the content of the Website; (c) use the Website to post or otherwise disseminate any unlawful, threatening, defamatory, offensive, obscene, vulgar, pornographic, profane, indecent, or fraudulent communication of any kind, as determined by CompTIA in its sole discretion; (d) use the Website to post or otherwise disseminate any communication that infringes or dilutes any intellectual property or that violates any person’s rights of privacy or publicity; (e) use the Website to transmit any virus, bot, worm, Trojan horse, or other harmful software;; (f) use the Website to post or disseminate any communication that encourages or assists any other person to engage in illegal activities; (g) utilize the Website or any information contained in the Website to assist in any way with the transmission of unsolicited email messages to any other person; (h) impersonate any other person or entity or misrepresent any fact about yourself; (i) distribute, transfer, or disseminate any information derived from the Website through or onto a searchable, machine-readable database; (j) use the Website to collect information about other users of the Website; or (k) attempt to use the Website to gain unauthorized access to other computer systems or networks connected to the Website.

7. Monitoring by CompTIA. CompTIA has the right, but not the obligation to monitor the use of the Website. If CompTIA monitors the use of the Website, CompTIA may examine, copy, and record any information relating to your usage of the Website. CompTIA reserves the right to disclose any such information in order to comply with any law, regulation, or governmental request. CompTIA shall have the right, but not the duty, to remove any communication that CompTIA, in its sole discretion, finds to be objectionable or inappropriate.



10. Acknowledgment of Warranty Disclaimers. You acknowledge and agree that CompTIA would not have made this Website available to you without the warranty disclaimers and the limitations on liability and remedy that appear in this Agreement.

11. Indemnification. You agree to defend, indemnify, and hold harmless CompTIA, its affiliates, and their respective directors, officers, employees, and agents from and against all claims, actions, suits or proceedings, as well as any and all losses, liabilities, damages, costs, and expenses (including reasonable attorneys fees) arising out of or accruing from (i) any material posted or otherwise provided by you that infringes any copyright, trademark, trade secret. trade dress, patent or other intellectual property right of any person or defames any person or violates their rights of publicity or privacy; (ii) any misrepresentation made by you in connection with your use of the Website; (iii) any noncompliance by you with the terms of this Agreement; and (iv) any claims brought by persons or entities other than you or CompTIA arising from or related to your access and use of the Website, including the information obtained through the Website.

12. Termination. CompTIA, at its sole discretion, and for any reason or for no reason, may terminate your password or your access to all or part of the Website, and may delete and discard any information that you have published, sent or received on or via the Website.

13. Trademarks. No CompTIA trademarks or trademarks owned by any other person that appear on this Website may be copied, downloaded, or otherwise utilized without the express written consent of the owner of such trademark.

14. Minors. If you permit any minor child to use this Website, you will be solely responsible for: (i) the online conduct of such minor child; (ii) the monitoring of such minor child's access to and use of the Website; and (iii) the consequences of any such usage.

15. Child Online Protection Act Notification. Pursuant to 47 U.S.C. Section 230(d), as amended, CompTIA hereby notifies you that parental control protections (such as computer software, hardware and filtering services) are commercially available for you to purchase. These protections may assist you in limiting access to material that could be harmful to minors. Information about purchasing such protections is available at http//

16. Infringement Policy. CompTIA, pursuant to 17 U.S.C. Section 512, as amended, reserves the right but not the obligation to terminate your right to use the Website if CompTIA determines, in its sole and absolute discretion, that you are involved in an activity that infringes the intellectual property of others. CompTIA seeks to accommodate, and not interfere with, standard technical measures used by copyright owners to protect their materials. In addition, pursuant to 17 U.S.C. Section 512(c), CompTIA has implemented procedures for receiving written notification of claimed infringements and for processing such claims in accordance with the law. All claims of infringement must be submitted to CompTIA in a written complaint that complies with the requirements below and is delivered to our designated agent to receive notification of claimed infringement.
To submit any such complaint by mail, please use the following address:

3500 Lacey Road, Suite 100
Downers Grove, IL 60515
(630) 678-8300

To submit any such complaint by e-mail, please use the following address:
Any written notice regarding any defamatory or infringing activity, whether of a copyright, patent, trademark or other property right must include the following information:

  1. A physical or electronic signature of a person authorized to act on behalf of: (i) the owner of the proprietary right that is allegedly infringed; or (ii) the person defamed.
  2. An identification of the work claimed to have been infringed.
  3. An identification of the material that the claimant alleges is infringing, along with information that enables CompTIA to locate such material.
  4. Information that enables CompTIA to contact you.
  5. A statement that you believe in good faith that the activity in question is an infringement and violates the law.
  6. A statement under penalty of perjury, that the information in the notification is accurate and that you are authorized to act on behalf of the owner of an exclusive right that is allegedly being infringed or that you are authorized to act on behalf of the person allegedly being defamed.

17. Public Information. If you post any content in any form on this Website, or disseminate any such information through the Website, you will be deemed to have relinquished any intellectual property rights in such content. Such content will be deemed to be public information. CompTIA may use any such content for any purpose.

18. Modification. CompTIA reserves the right, in its sole discretion, to amend this Agreement in any way at any time. Any such amendment shall become effective when it is posted on this Website. Your continued use of the Website will constitute your binding acceptance of any such amendment.

19. Limit on Exportation. Unless otherwise specified, this Website is intended solely for use in the United States of America. CompTIA operates Website from its offices in the State of Illinois, United States of America. CompTIA makes no representation that the materials on the Website are appropriate or available for use outside of the United States. Those who choose to access the Website from outside of the United States do so with this understanding and are responsible for compliance with local laws. Software on the Website is subject to United States export controls. No software from the Website may be downloaded or otherwise exported: (i) into or to a national resident of Cuba, Libya, North Korea, Iran, Syria or any other country to which the United States has embargoed goods, or (ii) to anyone on the U.S. Treasury Department List of Specifically Designated Nationals or the U.S. Commerce Department's Table of Deny Orders. By using the Website, you represent and warrant that you are not located in, under the control of, or a national or resident of any such country or on any such list.

20. Governing Law and Choice of Forum. This Agreement shall be governed by and construed in accordance with the laws of the State of Illinois, U.S.A., without giving effect to any principles of conflicts of law. All disputes relating to this Website, this Agreement, or your use of this Website shall be subject to the exclusive jurisdiction and venue of the state and federal courts located in the State of Illinois, USA.

21. No Assignment by User. You may not assign any of your rights, obligations, or privileges under this Agreement without the prior written consent of CompTIA.

22. Severability. If any provision of this Agreement is deemed unlawful, void, or otherwise unenforceable, then that provision shall be considered severable from this Agreement. Such provision shall be enforced to the fullest extent allowed by law to achieve the intention of the parties. The severable provision shall not affect the validity and enforceability of any remaining provisions of the Agreement.

23. Waiver. No waiver of any provision of this Agreement will be effective unless set forth in a written instrument signed by the waiving party. No waiver of any breach or default shall be deemed a waiver of any subsequent breach or default.

24. Captions. The captions, titles, and subtitles used in this Agreement are used for convenience only and are not to be considered in construing or interpreting this Agreement.

Key Points

  • Many facets of our cities – from transportation and water management to building design and public safety, are ripe for reinvention. Inexpensive computing, sensors, and data storage, coupled with reasonably fast wireless connectivity and a large base of tech-savvy users provide the foundational ingredients for digitizing our cities. Add in cloud computing, big data, artificial intelligence, robotics, and a host of other cutting-edge technologies and a Jetsons-like future seems increasingly within reach.
  • The research, conducted among government respondents at the federal, state, and local levels, confirms the continuing transition of IoT and smart cities from theory to practice. Nearly 3 in 4 respondents report having more positive views of IoT today compared to two years ago. Moreover, 11% of government entities claim to have a formal IoT initiative underway, while 25% report some type of pilot project in the works. Many of these early stage efforts can be characterized as smart city initiatives, a sub-segment of the broader IoT trend. The areas where governments see the most likely applications in the short-term include energy management, public safety, and transportation. As the market further matures, expect offerings such as smart cities-as-a-service to gain traction, allowing cities with time or expertise constraints to utilize technology solution providers and MSPs for end-to-end service.
  • According to the research consultancy Gartner, an estimated 1.6 billion connected things will be used in smart cities by year-end 2016, a figure projected to grow 42% through 2017. CompTIA’s IoT Ecosystem Framework, which can be applied to smart cities, reinforces the need to think beyond simply the number of connected things and focus on the interdependencies between the hardware, software, services, and rules components. The rules piece, which covers both the regulatory side and the standards side, is where much of the uncertainty surrounding IoT and smart cities developments resides. Policymakers, city leaders, the business community, and private citizens will need to work through issues ranging from security and data privacy, to spectrum allocations, funding, and workforce requirements.

Market Overview

In 1914, one of the world’s first electric traffic signals was installed in Cleveland, Ohio. It directed the rapidly increasing volume of automobile traffic through the familiar red, green, and yellow lights still used to this day. It also included rudimentary logic to prevent signaling conflicts and user error. At the time, this was a momentous technological leap over the existing practice of a police officer standing in the middle of an intersection directing traffic. In the mid-1950s, another innovation surge occurred when the first computer-controlled traffic lights were installed in Denver, Colorado, providing for additional efficiencies and new capabilities such as pressure-sensitive detectors to adjust stop/go times.

As seen in the traffic light example, technology has been making cities smarter for more than 100 years. Of course, measures of ‘smarter’ are relative. Advances in one era are eventually viewed as obsolete in another.

Today, many facets of cities – from transportation and water management to building design and public safety, are viewed as ripe for reinvention. Inexpensive computing, sensors, and data storage, coupled with reasonably fast wireless connectivity and a large base of tech-savvy users provide the foundational ingredients for digitizing our cities. Add in cloud computing, big data, artificial intelligence, robotics, and a host of other cutting-edge technologies and a Jetsons-like future seems increasingly within reach.

1This emerging future is commonly referred to as the Internet of Things era. Under this expansive umbrella falls the concept of smart cities. Although definitions and interpretations of this concept are still evolving, elements of the smart cities trend are starting to solidify.

A CompTIA survey of federal, state, and local government technology decision-makers confirms a number of established themes. Even though this data focuses on IoT, many of these elements could just as easily apply to smart cities.

Connected and intelligent systems top the list of words most associated with IoT. Conversely, this implies that cities lacking IoT-enabled smarts remain digitally disconnected and likely missing opportunities for efficiency gains or better service delivery.

Other terms associated with IoT include machine-to-machine, data streams, and futuristic. These semantic opinions are certainly influenced by media coverage of IoT and smart city trends. According to the research, nearly 7 in 10 government respondents report getting news about these topics from tech blogs or tech news websites, while 32% have had internal discussions with colleagues, and 27% were exposed to information at a conference. Top-level awareness of IoT among the government audience stands at about 59%. To put this into context, awareness of 3-D printing (84%), drones (81%), and autonomous vehicles (76%) rate higher, while technologies such as augmented reality (28%) and chatbots (22%) rate quite a bit lower (see Appendix for more).

With just about any new innovation, the typical pattern is one of low information and confusion in the early stages, followed by information gains and a better understanding leading to more positive views. In the case of IoT, a net 73% of government respondents indicate more positive views today compared to two years ago. The remaining 27% reported unchanged views, or a more negative view, possibly due to increased concern over security risks. While word associations lean towards the favorable, a few negatives do make the list. Fifteen percent of respondents associate IoT with ‘a security disaster waiting to happen,’ with a similar percentage associating it with the quip ‘a solution looking for a problem.’

Sizing the Smart Cities Market:

  • According to the Gartner, an estimated 1.6 billion connected things will be used in smart cities by year-end 2016. This figure is projected to grow to 2.3 billion in 2017, an increase of 42%. Smart commercial buildings, transportation, and utilities will account for two-thirds of the total.
  • For context, there are nearly 20,000 cities and towns in the United States. The U.S. Census Bureau uses the classification of metropolitan statistical areas (MSAs) to describe cities of 50,000 or more residents; of which, there were 382 of these designations in 2015. Among all cities and towns, 85% have fewer than 10,000 residents.
  • 2
  • The research consultancy MarketandMarkets estimates the smart cities component of the Internet of Things market will grow to $147.5 billion worldwide by 2020, yielding a compound annual growth rate of 23%. MarketandMarkets includes remote monitoring, data, application and device management, building automation, and energy management technologies in its forecast.
  • The consultancy McKinsey and Company takes a similar approach, projecting the smart cities component of the IoT market will range between $930 billion on the low end of the forecast to $1.7 trillion on the high end by 2025. See CompTIA’s Internet of Things Insights and Opportunities study for additional IoT market projections.
  • The CompTIA smart cities research did not specifically address the dollars spent on smart cities technologies, but applying the adoption rate data to the number of cities and towns with 10,000+ residents translates to about 1,000 locations across the U.S. with some type of formal or pilot IoT and/or smart cities initiative underway. One in three government respondents indicated these initiatives were funded with new budget allocations, confirming the flow of net-new dollars into these investments.

The Path to Smarter Cities

The path to smarter cities will not be a straight line from point A to point B. There will be starts and stops, twists and turns as the many factors at play respond to market and political forces. While there are examples of where smart city solutions can be thought of as discrete products or services, that is more the exception than the rule. For the same reason the smart cities movement is so fascinating – the seemingly limitless number of ideas for making cities smarter – its vastness can be quite daunting.

Applying CompTIA’s IoT ecosystem framework to the smart cities concept provides a mechanism for reducing the scope to more manageable sub-components. The four dimensions of the framework are:

Hardware: as it pertains to smart cities, this may include end points such as street lights or parking meters, as well as embedded sensors which could be placed in pretty much anything.

Software: software sits at the heart of any smart cities deployment. This may entail the code used to control devices, the platforms for aggregating and managing data, and the mobile apps for real-time interaction. Cloud-based software-as-a-service will take a prominent role, but as is often the case, there will be a need for customized software development to connect legacy city management systems through APIs.

Services: while large, well-funded cities may have extensive internal IT expertise capable of managing smart city systems, most will need the assistance of outside experts. This may occur at the initial planning and deployment stages via an IT solutions provider, or via an ongoing relationship with a managed services provider (MSP) for day-to-day support when troubleshooting, security, or maintenance issues arise.

Rules: the first component of this category covers the standards and protocols associated with any technological development. For products to connect to the Internet, to one another, to carrier networks, and so on, requires common standards. The process – or battle as some may say – for setting these standards for IoT and smart city applications is well underway. Industry groups such as the AllSeen Alliance, Open Interconnect Consortium, Thread, Industrial Internet Consortium, Wireless IoT forum, and others are working feverishly to develop standards to govern the many interactions between hardware, software, and services. See the following section and the Appendix for more on the policy and regulatory landscape.

3City managers, city IT staff, and elected officials will require, at a minimum, a basic understanding of the framework and its interdependencies. Realistically, though, decisions regarding whether to invest or how to proceed with smart cities initiatives will be contingent on outputs rather than inputs. Smart city investments will be judged by metrics such as improvements to livability, cost savings, citizen engagement, business community support, and votes at the ballot box.

From the research, government respondents have high expectations for the value smart cities’ solutions will deliver. Again, using IoT as a proxy for smart cities, 50% of respondents definitely see value, while 39% indicate probable value. Among perceived benefits, improved decision-making through new or better streams of data ranks highest. Given the many layers of bureaucracy, agencies, jurisdictions, and constituencies, the interest in data-driven decision-making is not surprising. Even small improvements in empowering government workers with the right data at the right time can pay dividends.

Staff productivity and cost savings from operational efficiencies, both closely related to data-driven decision-making, rank second and third as smart city value proposition factors. With the number of public sector employees remaining essentially flat despite a growing population (+38 million since 2000), finding ways to improve staff productivity is critically important to governments and constituents.

Technology, however, is only one piece of the puzzle. The always-useful people-process-technology model provides this reminder. Without sufficient investments in staff training and workflow optimization, technology investments rarely reach their full potential. With the many complexities and interdependencies of smart cities’ initiatives, it will be imperative to get the people and process elements right. Note: the Smart Cities Readiness Guide from the Smart Cities Council provides a useful framework in developing a smart cities roadmap.

Touching on one other adoption driver, the topic of revenue, which is an interesting subject as it relates to smart cities. While city treasurers may be hopeful IoT and smart city initiatives can generate revenue, the research suggests this is viewed as a secondary factor or a longer-term objective. This may be a function of how government revenue is typically characterized as a tax or fee. While there may be opportunities to collect revenue more efficiently, government respondents are likely very aware of the political limits to pushing new fees onto local residents or businesses.

The other side of the adoption equation consists of the inhibitors or concerns that could slow forward progress. Starting with cost, which unsurprisingly is ranked as a concern among survey respondents. Beyond the upfront investment, ongoing service fees are another key variable in assessing IoT and smart city total cost of ownership. Relatively small monthly fees multiplied across many applications or devices can quickly add up, especially if usage exceeds original projections. This operating expense approach (OPEX) may be preferable to heavy upfront capital expenditures (CAPEX), but city planners will need to assess the tradeoffs and implications of these cost scenarios.

The research confirms the astute observation of government respondents that security and workforce will be of paramount importance. The frequency and severity of security breaches targeting government entities has led to a heightened sense of security awareness among government staff at all levels (more on this topic in the following section).

4Other challenges involve complexity and interoperability. Even tech-savvy city staff may quickly find themselves in unfamiliar territory when it comes to systems integration. Moreover, pilot projects may be manageable with existing city IT staff, but insufficient when it comes time to scale to full production.

In these situations, cities will likely turn to technology solution providers for assistance. Tech firms with expertise in integration, APIs, cloud computing, data, and security will be key to facilitating smart cities’ growth. Expect concepts such as ‘smart cities-as-a-service’ to gain traction as a means for providing efficient and effective end-to-end solutions. With economies of scale, standardization, and commoditization smart city technologies will become more accessible and affordable over time. The ‘smart cities-as-a-service’ approach brings it all together into what many city planners will view as an appealing option.

Smart Cities in Action

Water management: According to a article on smart city IoT applications, the city of Houston, Texas, was losing an estimated 15% of its water – 15 billion gallons each year due to leaky pipes. Using embedded sensors and intelligent pump control systems, the city was better equipped to regulate the flow of water and quickly identify issues before they became major problems. Examples of other water-related problems addressed through smart city solutions include: water quality, irrigation, stormwater runoff, flooding, and household water management.

Energy conservation: The New York State Energy Research and Development Authority (NYSERDA) announced it will begin work on a new Real Time Energy Management (RTEM) program. Commercial buildings, especially older structures, consume enormous amounts of energy. The New York State program will leverage sensors, smart meters, and big data analytics to help buildings optimize their energy usage. Beyond energy efficiency at the building or household level, there is a recognized need to upgrade the aging power grid. While a massive undertaking, smart grid technologies have the potential to revolutionize our nation’s approach to energy.

Transportation: The U.S. Department of Transportation recently selected Columbus, Ohio, as the winner of its Smart City Challenge. Columbus will use part of the $40 million prize to deploy electric self-driving shuttles, which will operate in conjunction with a new rapid transit center. The system will also enable better vehicle-to-vehicle data exchange and communication with traffic signals and other transportation infrastructure. With traffic and parking frequently cited as major detriments to a city’s livability, many city leaders will view this as a good starting point for smart city initiatives. Along with lighting, traffic or parking management can be thought of as smart city ‘on-ramps.’

Public safety: Copenhagen, the capital of Denmark, is frequently referenced as a leader in the smart cities movement. As part of its effort to become the first carbon-neutral city by 2015, the city replaced more than half of its street lights with energy efficient smart LED lights. The intelligence comes in the form of sensors and connectivity to the city’s network. This provides capabilities such as automatic dimming based on time of day or the presence of a full moon, as well as the detection of walkers or bikers with a corresponding increase in brightness for added safety. Other examples within the public safety category include: video surveillance systems with advanced analytics, forest fire fighting drones, and incident reporting and monitoring systems for citizens.

Environment: CITISENSE, a consortium of 14 European nations, is working to deploy a network of ‘citizen observatories’ to monitor air quality through wearable sensors. Similar crowdsourcing approaches to environmental monitoring are underway in Beijing and several other cities. With micro-climates and the influences of on-the-ground factors, environmental conditions can vary greatly from neighborhood to neighborhood within a city. Comprehensive networks of sensors and data analytics is a first step in helping cities get smarter and greener.

The Stakes Get Higher for Public Policy

As IoT and smart cities move from concept to reality, questions surrounding the government’s role in these emerging markets become more pressing. Eye-opening incidents involving hijacked cars, zombie refrigerators, or hacked power plants have already made the headlines. There are countless other scenarios, many seemingly out of science fiction movies, that will put governments, citizens, and businesses to the test.

For many regulatory bodies and policy makers, the rapid pace of innovation has quickly eclipsed their best efforts to get out in front of looming issues. While hearings or other activities have taken place in the U.S. Senate, the House of Representatives, the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), the Department of Transportation, the EU Commission, as well as other industry bodies, most issues remain unresolved.

Somewhat paradoxically, private sector companies want regulatory clarity before pursuing IoT opportunities, and yet, they also express concern over a rush to new rulemaking. After compliance costs, this ranks as the second greatest concern among private sector companies considering IoT initiatives (see below). Given the many parts of IoT and smart cities, new regulations in these areas are especially prone to the law of unforeseen and unintended consequences.

Regulatory and policy discussions will continue to revolve around several core elements:


Security tops the list of IoT policy concerns. With the projected growth of connected devices and the corresponding increase in potential vulnerabilities, especially in new domains such as critical infrastructure, the security component of IoT provokes a number of thorny questions. For example, could security flaws be classified as product defects, making connected cars or appliances subject to recalls? Could support and service firms, such as IT solution providers, electricians, or mechanics, be held responsible for security incidents? Could corporate boards of city council members face liability for security negligence?

The research indicates about 1 in 3 government bodies rate themselves as being well equipped or very well equipped to manage the security component of IoT.

The FTC whitepaper, Careful Connections: Building Security in the Internet of Things, outlines key considerations and best practices for securing IoT. This includes not only the need to build robust security safeguards into IoT devices and systems at the earliest stages of development, but also ensuring ample resources are devoted to providing guidance and training to all types of users, whether they are consumers, small businesses, city employees or multinational corporations. The NIST Framework for Improving Critical Infrastructure Cybersecurity provides guidance for managing the unique security risks associated with critical infrastructure. The power grid is often cited as the example here; others include the water supply, dams, bridges, food supply, communications, defense, and the chemical sector.

Data Privacy

Closely related to security is the issue of data privacy. Most users of technology are not fully aware of the extent to which their personal data is collected, bought, sold and used by various parties. This could be considered the tip of the proverbial iceberg. In a hyper-connected smart cities world, the depth and breadth of data privacy concerns will greatly exceed those of today. Of course, many users willingly hand over certain data in return for access to services or capabilities. Issues related to acceptable use, opt in vs. opt out, right to be forgotten, data breach notification, data ownership, video or drone surveillance, facial recognition, customer privacy bill of rights, and cross-border legalities will be of particular interest to regulators.

Spectrum and Standards

While it is impossible to know exactly how the IoT market will evolve over the next decade, it is fairly certainly that IoT advances will strain existing spectrum allocations as billions of new wireless IP devices come online. When a mobile phone drops a call, it is chalked up as an annoyance. Should a driverless vehicle lose its connection, the consequences could be far more severe. Pervasive and robust broadband coverage is a recognized need, which the FCC has taken steps to promote through recent auctions of spectrum well suited for sending mobile signals over long distances. Beyond commercially licensed spectrum, the FCC and tech companies will also need to continue to evaluate options associated with unlicensed or white space spectrum – bands used by Wi-Fi or Bluetooth, for example.

As covered previously in this paper, standards play a pivotal role in ensuring interoperability and efficiency in IoT and smart city ecosystems. Historically, many standards and protocols in the tech space emerge from industry-led efforts, typically in conjunction with ANSI or ISO. In some cases, the market can support multiple competing standards; while in others, a single standard ultimately takes hold. Industry consortiums, trade associations, standard setting bodies, and companies with sufficient clout will continue to hammer away at establishing a market-optimized set of IoT and smart city standards and protocols.


The intersection of IoT and commerce has not received as much attention as other higher profile issues such as security, but there are a number of policy questions in this arena that will require attention. Consider the issue of data ownership. It is not always clear who owns what. Do households own the detailed usage data from water, gas and electric meters, or do the utility companies own it? Additionally, what are the rules that govern third party access to this type of data through APIs? Debate is underway in states such Illinois (see Illinois Grapples with Question of Who Owns Energy Data) to sort through these issues, which have potentially far reaching implications for IoT commerce.

Another interesting issue involves taxation. In most cases, IoT products and services will fall under existing tax law. But, could IoT facilitate new ways to assess or collect taxes? Could a cash-strapped state or city decide to impose a tax on certain types of IoT commercial activities? Could a foreign government impose restrictions on U.S. IoT providers which act as an import tax? These scenarios will undoubtedly spur intense tax policy and commerce debates.

Public-Private Partnerships (PPP)

Many of the early stage smart city pilot projects were made possible because of public-private partnerships. These arrangements help technology providers run proof-of-concept or beta tests, receiving valuable feedback and insights into go-to-market strategies. City leaders may get access to technology they may otherwise not be able to procure, as well as a firsthand look at how smart city technologies can be deployed. As initiatives move beyond the pilot project phase, public-private partnerships will evolve to best leverage each entity’s strengths.


As discussed throughout this paper, any discussion of technology must be accompanied by a discussion of workforce. This includes the core IT professionals, such as the network engineers, technology support specialist, software developers, and cybersecurity experts, needed to keep systems running smoothly, as well as the executive leadership and end users who rely on technology for day-to-day operations. CompTIA research consistently shows the demand for tech talent exceeding the supply. With looming retirements and new skills requirements coming online, tech workforce challenges show no signs of abating. As the smarter cities’ trend unfolds, expect the workforce component, including training, certification, and professional development, to become a more critical issue.

About this Research Brief

CompTIA’s Building Smarter Cities research brief examines how federal, state, and local governments are navigating the quickly evolving Internet of Things (IoT) trend, and by extension, the Smart Cities trends. This brief focuses on three primary areas:

  • Market Overview
  • Adoption Factors: Drivers and Inhibitors
  • Policy and Regulatory Issues

The data for this brief was collected via an online survey conducted during June/July 2016. A total of 172 U.S. federal, state, or local government personnel with some degree of technology decision-making responsibility participated in the survey. The overall margin of sampling error at 95% confidence is +/- 7.6 percentage points. Sampling error is larger for subgroups of the data.

As with any survey, sampling error is only one source of possible error. While non-sampling error cannot be accurately calculated, precautionary steps were taken in all phases of the survey design, collection and processing of the data to minimize its influence.

CompTIA is responsible for all content and analysis. Any questions regarding the study should be directed to CompTIA Research and Market Intelligence staff at

CompTIA is a member of the Market Research Association (MRA) and adheres to the MRA’s Code of Market Research Ethics and Standards.

For additional insights into the IoT and related emerging trends, see the following reports and briefs available at

  • Internet of Things Insights and Opportunities research study
  • Internet of Things Ecosystem analysis
  • Mastering the Internet of Things case study
  • Tech on the Horizon: From VR to Bots research brief