- Published: 23 December 2021
Gianni Minetti, CEO of Paradox Engineering, explains why cities must ensure security is built into their solutions from their very inception not added at a later stage of development.
The Maryland Health Department in the US is reportedly the latest victim of cyberattacks hitting governments, public bodies and cities. If measuring it as a country, cybercrime would be the world’s third-largest economy after the US and China, inflicting damages to public and private organisations for several trillion US dollars every year.
A cyberattack could potentially disrupt essential critical services, expose personal and financial data, and disable the economy of a city. Not a reassuring perspective for cities which are increasingly relying on interconnected networks and sensor-based infrastructures to operate and deliver any application that people and businesses need, from energy distribution to mobility systems, from street lighting to municipal waste collection, and more.
Cybersecurity risks are an unfortunate by-product of the digital age. Unless we fully give up on innovation and digital transformation, we must acknowledge 100 per cent cybersecurity is an impossible goal: our realistic target is being 100 per cent cybersecurity aware and focus on risk mitigation.
Which urban application is more vulnerable to cybercrime?
An online survey carried out by Paradox Engineering October 2021 targeting city officers, utility managers and ICT professionals suggested smart streetlighting and smart waste management (waste bin monitoring) are the least attractive applications to hackers and cybercriminals after public wi-fi, video surveillance, energy, water and gas distribution networks, and traffic control, parking management and smart mobility systems.
Let me say this is debateable. Inside the cyberspace, there are different types of hackers with different goals: while “traditional” cybercriminals attempt to violate systems and applications to steal money, there are hacktivists using hacking as a form of civil disobedience to promote political or social causes, espionage experts looking for industrial secrets or intellectual property, and cyber warriors carrying out digital assaults to attack nations and governments.
So, smart lighting and waste applications may not be attractive for money-oriented criminals, but they are no less of a threat as even a single LED light or smart sensor could be used as an access point for an attack with a different purpose.
Technology, people and processes
Robust cybersecurity isn’t down to one thing but a combination of technology, people and processes. At Paradox Engineering, we endorse open, standard-based Internet of Things technologies and have matured a security-by-design approach, which means having security built into our solutions from their very inception. In our experience, security can’t be added at the final stage of development. We think about infrastructure and application protection from the beginning and provide cities with intrinsically secure network systems.
While a security-by-design approach is absolutely needed when developing and implementing any digital system, we should favour cyber-awareness programmes to educate people: don’t forget that independent surveys say 90 per cent of security breaches come out of inadvertent human errors. People are the only element that can’t be configured, and any imprudence could be a problem.
Last but not least, security is to be managed as a cyclic process that starts from understanding the assets and the associated risks, applying measures to reduce the risks, prevent the known threats and be ready to detect and respond to unknown threats. Vulnerability can seep in at any stage and we must be prepared to manage it through effective processes.
We are completing the assessment for readiness of Paradox Engineering’s new Security Operation Centre (SOC), serving customers to effectively monitor, support and respond to cyber threats and incidents. SOC will provide a dedicated team with proven expertise and innovative tools to monitor the status of operating customer infrastructure, send immediate alerts in case of abnormalities or suspicious behaviours, detect and quickly highlight possible vulnerabilities. It will also act as an incident response centre by collaborating with other SOCs or computer emergency response teams.
Cybersecurity is a shared responsibility. Securing cities is not merely a matter of selecting and installing the best possible technology – it is a lifelong journey which requires constant education, monitoring and close collaboration, especially as hackers use advanced technologies such as artificial intelligence to become more effective and cybersecurity insurance costs soar.
Autor(en)/Author(s): Gianni Minetti
Quelle/Source: Smart Cities World, 14.12.2021