Vulnerabilities need to be excised through stringent security hygiene
Government authorities and private sector experts are facing a daunting task in confronting huge cyber security threats posed to the smart cities of tomorrow. The issue must already be causing sleepless nights for planners in the Gulf, particularly in Dubai which has strategic ambitions to become the smartest city in the world.
In topping a recent Smart City index that studied 10 Gulf cities’ strategy and execution of smart city campaigns, Dubai stood out for its strategic vision coupled with a clear understanding of the practical requirements to deliver on its vision. The Smart Dubai road map aims to deliver 1,000 services by 2017 across 100 initiatives. As of September, it had documented more than 500 current and planned smart services and initiatives, of which 150 had been completed.
Smart cities will provide businesses with unprecedented economic opportunities and Dubai is well on the way to achieving its objective. The other reality, however, is that smart cities are under threat from a variety of sources, be it from cybercriminals, cyber activists or attacks from other nation states. And the threats are very real.
The interconnected nature of devices, their sheer volume and generally lax inbuilt security make them particularly vulnerable to attacks, which tend to have large tangible outcomes.
When assessing the worst-case scenarios presented by cyber threats, security experts see immediately that the most critical parts of a smart city tend to be the critical infrastructures supplying electricity, water and communications to it.
Attacks on these leave any type of city in a perilous state. In a smart city, those effects are magnified as most of the infrastructure is electronic and controlling many aspects of the city.
We have already seen attacks on traffic monitoring and controlling sensors, city management systems to name a few. And, unfortunately, as the level of automation and complexity increases, this will get worse.
So what can be done now to guard against cyber threats to smart cities when these are still at the planning stage? Similar to any internet of Things (IOT) projects, authorities building smart cities need to observe “security hygiene” from design to deployment.
This typically means from the outset having security built into monitoring and controlling devices which are fully tested before deployment and actively managed. Even a simple checklist covering encryption, authentication, authorisation, and software updates will make a big difference.
The scale of cyber security threats in this part of the world is highlighted by the fact that
45 per cent of Middle East, Turkey, and Africa organisations reported cyber-security incidents in the first quarter of 2016.
Research says that the Middle East cybersecurity market will reach about $10 billion by 2019, double the figure for 2014. Governments and city planners need to have a clear security strategy in place to allow procurement and integration of suitably secured systems, which maintain their level of security throughout their lifetime.
Technology should be chosen with proper cyber security controls and protections in mind, with vendors being held liable for insecure products.
Crucially, governments must work with the private sector to safeguard smart cities. Governments should begin by obtaining independent advice, and assurance on the systems they deploy in smart cities.
This typically starts with a risk assessment and runs all the way through to detailed vulnerability and, in some cases, software analysis. The private sector can help to provide these capabilities as well as allow the government to scale their smart city assurance practices.
As the nature of smart cities means opportunities for cybercrime is dramatically increased, there are obvious concerns about how cyber security can cope.
It’s certainly true that the problem is growing and that will only get worse unless vendors are forced to ensure some basic security hygiene in their systems. The threat to smart cities is now prevalent and beginning to be realised, causing increasing awareness of the issue.
But the coming together of government and private sector to define and enforce better security controls in these systems will ultimately mean that the risk to smart cities will not continue to increase, and over time will instead reduce to manageable levels.
Dubai already has in place innovative programmes for data sharing and analytics, smart mobility solutions for traffic control, and a smarter grid programme for better management of power and water consumption.
The city is also developing smart health services, a smart police force and other mobile-enabled e-government services, and in the years ahead it can be a leading example of how smart city strategies need to evolve.
---
Autor(en)/Author(s): Francesco Pavoni
Quelle/Source: Gulf News, 16.12.2016
Bitte besuchen Sie/Please visit:
