Five seconds, a simple laptop, knowing where to look and what to look for. This is what it took to Thomas Stasch, Head of IT-Security and Civitec-CERT at Civitec to do a live demonstration of how simple it is to take control of a home automation system, something more and more people install without even thinking about security risks. What the demonstration shed light on is that beyond the relative easiness to hack many systems, most of them are not even protected at all. Most people only look at the functionality of a product or system they buy and do not even wonder about the security aspects.
This general lack of awareness about the security risks associated to digital technologies was the starting point of the conversation which took place in the session on The resilience of digital cities – cybersecurity, data protection and risk management in the digitalization era, the first on this topic at the Resilient Cities Congress.
Why talk about digital technologies in the context of resilience? As cities turn to digital solutions to increase efficiency and solve existing issues, they become increasingly dependent on few digital systems, making them, in turn, very vulnerable to any potential break down or attack of those.
Unfortunately, the risk is real. As Stasch explained, “There are two kinds or organizations: the ones that have been under attack and the ones that will be under attack.” The amount of data local governments hold makes them a great target for cyberattacks and the lack of data protection makes them an easy one.
There are many examples of local governments that have been under attack. Although it is hard to identify the hackers, the professionalism and sophistication of some attacks indicates that they come from organized criminal organizations or even foreign secret services. Too often, local governments wait until an attack happens to put the appropriate measures in place.
Paul Argyle, Multi-Agency Strategic Advisor to the Mayor and Deputy Mayor of the Greater Manchester Combined Authority, emphasized the cascading effects that these security risks can bring. Beyond the obvious threat to individual data and the correct functioning of public services, not reacting properly to a cyberattack can also have effects on the reputation of a city and therefore on the investments it can attract. To prepare best against this, Manchester is exchanging best practices with other cities, a practice which should spread to raise awareness on cybersecurity.
The session also highlighted the need for new discussions to take place at the local, national and global levels.
Local governments need to open a dialogue with their residents: What do we want from digital infrastructure? What do we want from data? How do we avoid making new technologies the default solutions? What values should steer local governments’ decisions?
Another discussion probably needs to happen at the national and at the global level, looking at these key questions: Should there be any international convention regulating the use of data? Should anyone own data or should it be a common good? How can we regulate and secure the use of data?
If this session opened up more questions than it brought answers, it sent a very strong call for more debate and open discussions. These are all the more important that, as Ina Schieferdecker, Director of the Fraunhofer Institute for Open Communication Systems reminded at the end of this session, digital technologies offer so many opportunities for cities, in particular in terms of sustainable development.
This post is based on The resilience of digital cities – Cybersecurity, data protection and risk management in the digitalization era session of Resilient Cities 2018.