By 2050, about 70% of the world’s population is expected to live in cities. Using the Internet of Things, analyzing lots of data, putting more services online—all herald the digital transformation of cities. Becoming digital, however, means a new life in the cybersecurity trenches.
There is no place like Israel to teach local government leaders how to make their cities and citizens cybersecurity resilient. Welcoming attendees from 80 countries to the Muni World 2018 event in Tel-Aviv, Eli Cohen, Israel’s minister of economy and industry, highlighted the fact that the country represents 10% of the global investment in cybersecurity. And it shares its expertise with others, including alerting 30 countries to pending cyber or terrorist attacks, Cohen said. (I was attending the event as a guest of Vibe Israel).
Cybersecurity is a prerequisite for the smart city, argued Gadi Mergi, CTO at Israel’s National Cyber Directorate. That means pursuing security, privacy and high-availability (having a cyberattack recovery plan, backup facility, cloud management, and manual overrides) by design. As other presenters discussed at the event (see the list of presenters below), smart cities must adjust and adapt to the requirements of the new cybersecurity landscape, characterized by:
The expansion of the attack surface with the introduction of new points of potential vulnerability such as connected and self-driving cars, and the Internet of Things (71% of local governments say IoT saves them money but 86% say they have already experienced an IoT-related security breach);
A wider range of attacker motivations, including ransomware (it was the motivation behind 50% of attacks in the US in 2017, with ransom payments totaling more than $1 billion) and hactivism (drawing attention to a specific cause, adding cultural and political dimensions to cyberattacks);
Increased consumer concern about personal data privacy and loss (30% of customers will take action following a data breach—demand compensation, sue or quit their relationship with the vendor);
Not enough people with the right expertise and experience (the much talked-about cybersecurity skill shortage is exacerbated in municipalities which find it hard to compete for scarce talent with organizations with much deeper pockets; this challenge becomes even more severe with the introduction of new approaches to cybersecurity involving new tools based on machine learning and artificial intelligence);
Insisting on fast time-to-everything (Agile is not agile enough) results in reduced quality of cybersecurity applications.
What’s to be done about meeting these challenges? Here’s a short list of priorities for leaders of smart cities worldwide, based on the presentations at Muni World:
Prepare for the worst—develop a protection strategy and emergency plans, and get outside experts to help;
Practice—training and testing and more training and testing and simulations;
Automate—implement a continuous adaptive protection, automate the process of detection and response, apply algorithms liberally, including AI and machine learning–based solutions;
Upgrade—keep up with attackers’ new methods and tools, improve the state of hardware and software including leveraging the cloud and big data analytics and invest in elevating the skill level of the people responsible for cybersecurity defense;
Share—raise public awareness, disclose your experiences, and exchange information with other local governments;
Separate and disinfect—insert a virtual layer between the internal network and the internet, allowing only for sending commands and showing display windows, and make downloadable files harmless by deleting areas where programs may exist or transform them into safe data, regardless if they are malicious or not.
In addition to Eli Cohen and Gadi Mergi, other presenters at Muni World included Jonathan Reichental, CIO, City of Palo Alto, California; Roy Zisapel, co-founder and CEO, Radware; Menny Barzilay, Co-founder and CEO, FortyTwo Global; Morten Illum, EMEA VP, Aruba/HPE; Takahiko Makino, City of Yokohama, Japan; Yosi Schneck, Senior VP, Israel Electric Corporation; and Sanaz Yashar, Senior Analyst, FireEye.
Tamir Pardo, the former Director of the Mossad (Israel’s national intelligence agency), also spoke at the event, comparing the cyber threat to “a soft and silent nuclear weapon.” There is no way to stop a penetration, he said, and there will never be a steady state for cyber security.
Meaning life in the cybersecurity trenches, for local governments and all other organizations, will continue to get very interesting. To quote FireEye’s Sanaz Yashar (who quoted President Eisenhower), “plans are nothing; planning is everything.”