Most people feel “Safe and Secure” when they protect the perimeter by acquiring automatic security devices such as (but not limited to): Firewall, Antivirus and Intrusion Prevention Systems. Unfortunately, nowadays the perimeter does not exist any longer; attackers have developed frameworks able to bypass these automatic defences. For this reason a “security process” plays a fundamental role. Having said that, I would probably ask her/him 3 questions:
Important assets such as (but not limited to): industrial control systems, strategic traffic points, ports, airport facilities, utilities infrastructure and so forth are statistically targeted by cyber attackers. Cities with an integrated strategic assets defence system would probably be the best positioned to increase cyber defence and, consequently, protect their citizens. If you want to create a smart city you should also first think about forging smart citizens. Security is not just about defense systems and technologies, it is also about personal behaviors. Municipalities should educate their citizens to live in the digital world, setting up education programs teaching a conscious use of technologies, undressing the potential risks in order to take full advantage of the digital transformation.
Even if a smart city is much more than a city with electronic devices in it, the high number of smart devices and digital processes would definitely increase the attack surface, with the result of being more “hackable” compared to “traditional” cities. However, the great benefits introduced by technologies in terms of environmental sustainability, increased productivity in the public administration and the possibility to offer better services to citizens cannot be stopped. The digital revolution is going to happen anyhow and everywhere.
It’s an inevitable transformation; the digital revolution is going to happen anyway and it will provide unbelievable opportunities for business, cities, society and humanity. Digital is invisible like the oxygen we breathe, it is becoming almost as vital and is growing exponentially. Everything is becoming connected and connectivity is a massive technology disruption. We are moving from 15B devices connected today to 50B in 2020, IP traffic is set to triple between 2014-2019 and finally – when you look at the IP mobile traffic – 40% of that is going to be «Machine to Machine» (sensors). By adding more and more devices and generating more and more data, security needs to be everywhere. Taking advantage of the digital opportunity is our first concern. Why do we put brakes on cars? In order to go faster. In the same way security enables the digital economy.
Yes, I do. Personal data and critical infrastructures are often connected to city databases. For example, civil registry (anagrafe) or medical records (at least in public hospitals) are often stored in local government databases, so they are eligible for cyber attacks. For this reason they should be cyber compliant.
At Yoroi we experience cyber attacks every hour. Most of them differ from one another by a few lines of code, some others are completely new and cyber analysts compete against time to understand the attack and to block it in order to protect our customers. So I would say it is real life and it is quickly moving up to another level. Defense belongs to humans, not to technology.
Depending on the adopted classification environment, governments and private companies might also require avoiding external connections for specific assets. Many classified networks are not connected to the internet or to public networks at all. Let's think about flight control networks, train orchestration networks, intelligence networks: they are totally classified and self-resilient “disconnected” networks. However, data classification involves a deep and specialised process which should be driven by cyber security specialists.
This is such a difficult question! I personally would approach the problem from two opposite perspectives: bottom up and top down.
The “bottom up” perspective assures quick defensive actions appreciable in the short-medium term, while the “top down” approach will guarantee a wide range of actions to be considered in the mid-long term. As a first “bottom up” action I would organise a cyber security defence center able to protect city critical infrastructures and classified data, while in the meantime I would start up a dedicated cyber security city commission able to make plans for the continuous improvement of cyber defenses. And – of course – educate citizens to behave properly.
For more information: http://www.yoroi.company/