Our cities are getting smarter. Some are smarter than others but the breadth of development suggests that almost all large urban areas will one day be smart in one way or another. As with all digital things, connectivity means vulnerability, and if we continue to neglect cyber security in the age of connectivity then the basic needs of millions of people could be at risk.
The city-state of Singapore may be the smartest urban area on earth. The increasingly smart nation leads the way in driverless cars, smart healthcare, cashless-contactless payments and energy efficiency. They make this development possible by placing huge priority on cyber security.
“Cyber security is a key enabler of our Smart Nation. The Government recognise the possible risks and has prioritised safeguarding relevant systems and networks that relates to security of citizens and privacy of data,” states the official website of Singapore smart nation initiative. “The government, industry and public must all play their part and take measures to safeguard data, and ensure that critical control systems are protected even as we make them smart.”
In the race to harness the benefits of connectivity however, many cities are not being as smart about cyber security. In December, a cyber attack on Ukraine’s power grid plunged the northern part of the capital, Kiev, into darkness, part of a series of strikes on its energy and financial infrastructure.
Israel also experienced a serious cyber attack on its electrical grid. The timely attack came as temperatures in Jerusalem dipped below freezing and electric heating was the only form of warmth for many. Another major cyber-attack was the source of the widespread electricity cuts across Istanbul, Turkey, in the final days of an already turbulent 2016 for the iconic city.
Attacks on power infrastructure and other public services can bring the city to a standstill, create panic and even directly endanger people’s lives. A warning sign for such attacks was heard around Dallas in April when hackers set off the Texan city’s 156 emergency sirens. For one hour and forty minutes city officials and IT departments tried and failed to stop the commotion.
“Every time we thought we had turned it off, the sirens would sound again, because whoever was hacking us was continuously hacking us,” said Sana Syed, a spokeswoman for the city, said in a telephone interview.
The confused residents of Dallas proceeded to overwhelm the 911 emergency response phone line late that Friday night, and officials were eventually forced to take the emergency system completely offline until Sunday. Now imagine the havoc that could be wreaked if hackers could take control of self-driving cars and buses, or the chemical filtration system for a city’s water supply.
It is fundamental to the health and safety of smart city occupants that high security capacity be a pre-requisite to the adoption of connected systems, at least on essential services. Yet only one in three municipal governments say they are prepared to manage internet of things security, and only 12% of government respondents believe they have the resources to respond to cyber crimes, according to a CompTIA research report.
The research showed that the majority (47%), consider their government well-equipped in some areas and ill-equipped in others, and a major issue seems to be security expertise. The same survey found that 83% of government agencies say only 1% to 2% of their IT departments are security experts, leading to a dangerous lack of defensive ability.
“The cyber security workforce simply cannot scale in line with additional device connectivity, as budgets for cyber are not unlimited,” states our recent report Cyber Security in Smart Commercial Buildings 2017 to 2021. “Competition for the brightest talents in the cyber security field will be intense,” the report continued, “government, military and financial services companies will likely cream off much of the best talent.”
The internet of things, driverless vehicles, and the unrelenting surge towards smart grids, cities and buildings continues. We are talk about cyber security but unprotected devices still flood the market and systems remain vulnerable to human error. We probably need to accept that the smart era is also the cyber attack era.
[contact-form-7 id="3204" title="memoori-newsletter"]