By PATRICK STEPHENSON
BRUSSELS – As more and more urban European services go online, EU citizens have come to expect to file their taxes, change their addresses, check traffic patterns and be informed about security alerts via their city’s web portal.
But does the response of cities to these changing demands present vulnerabilities that terrorists or criminals could exploit? This was one of the many critical questions explored at a conference, “Connecting the Citizen: Realising the Potential of Smart Cities”, held here on 7 November.
“Citizens want safety and privacy in their city,” Pierre Mirlesse, Hewlett-Packard’s vice president, told the event.
Noting that city dwellers demand a level of cyber-security that cities themselves are unprepared to provide, he drew his audience’s attention to the fact that criminals launched 1.9 million malware attacks per day during 2016, with many of those focussed on the web infrastructure of European cities.
“Cities are the next big target for cybercriminals,” he said. “We had double the amount of IoT [Internet of Things] attacks in 2016 than in the year before. The bad guys have an expanding ability to attack organisations. The weak point now is IoT. The next weak point will be cities.” [See this issue’s Euro-View on how IoT networks can be used to boost municipal security.]
Laurent Hublet, a member of Belgian Deputy Prime Minister Alexander de Croo’s cabinet, agreed. “Mobile phone, battery improvements, electric bikes, machine-learning algorithms, and the Internet of Things: [they are] all bringing a major paradigm shift, with consequences for our collective decision-making.”
Per Mirlesse, city venues such as stadiums offer municipalities unique opportunities to understand how citizens behave in groups, and how to react when crises strike. “At a stadium, everyone is connected through network capabilities for a small amount of time,” he said. Thus, if a sudden crisis broke out, municipalities could analyse the information provided by connected individuals and decide what emergency measures to implement. “It’s important for stadium [managers] to understand what is going on.”
Munir Ismet, government strategist at Hewlett-Packard, added that combining the separate ‘silos’ of city activity was the key. “The ability to put it all together comes with the move from silos to integrated solutions,” he said, and pointed to the New Zealand city of Auckland which monitors social media and more traditional news outlets to detect high-risk activities such as organised crime. Another example is Anaheim, California which pulls together data from connected citizens to manage the impact of earthquakes by making emergency response more effective.
Turning to urban cybersecurity, Väino Olev, director of IT for Tallinn said Estonia is determined to make the country’s cyber-networks as secure as possible. Referring to the government’s Smart Protection 2017 progamme, he said “we train 80 percent of smart device users to give them skills about using their devices securely.”
The programmed is financed jointly by Estonia’s public sector and private players such as banks and telecommunications companies.
But that principle is being ignored, as cities rush ahead to lower their costs through digitising citizen services. Widespread encryption is one possible remedy. Better citizen education, of the sort espoused and practiced by Estonia, is another. Indeed, the most secure computer system is useless if an ignorant or lazy user clicks on an infected malware attachment. Cities will either have to make their inhabitants more security savvy or design consumer services that are fool proof against sloppy user habits.
ps@securityeurope.info