Critical point for smart city security
Smart city projects are becoming reality, but are they moving faster than security can keep up?
The past few years have seen a major shift in cybersecurity awareness among government organisations in the region, due in no small part to the attack on Aramco in 2012. This high profile incident proved that even the biggest organisations can be vulnerable to cyberattack, and created a hunger for more knowledge and a drive for more investment in cybersecurity solutions. While Aramco provided the wake-up call that many in the industry had always said was necessary, the change in attitudes and desire to be proactive on cybersecurity doesn't mean that the battle is won, in fact I would argue that the cybersecurity situation is reaching a critical point.
For one, the nature of cyberattacks is becoming far more advanced than ever before. Factors like encryption and large volumes of data are making it harder for organisations to detect attacks. Hackers have become more sophisticated in their methods and their toolkits, and their attacks may now be several years in planning and execution.
Many hacking groups are also bringing the resources of nation states to bear, and politically-motivated attacks, which mirror real world conflict, are a particular problem for organisations in the region. Cyber warfare is a very real part of the threat landscape.
Another factor increasing the riskiness of the security landscape is the lack of skills. It is a global problem, and even with the willingness of governments to invest in skilled staff, there simply aren't enough IT security professionals to go around at present.
Probably the biggest risk factor however, is the drive for smart cities. Governments in the region are pushing ahead with digitised, connected city solutions, and telecoms operators are implementing the networks to support these systems. The problem is, that many of the network infrastructure standards have not been agreed upon yet, let alone security standards and compatible security solutions. Vendors are talking about an ecosystem of partners that will create smart city solutions, but no one seems to be taking ownership of the security piece, or to have a definitive idea of how security will work in a highly connected smart city environment.
Smart cities and the Internet of Things will mean an exponential increase in the number of endpoints connected to the system, which in turn drastically increases the attack surface - the number of ways for a hacker to get into a system. Putting security on every endpoint may not be feasible, which means network security solutions need a greater deal of intelligence, and a much greater processing capability, to be able to monitor all behaviour on these drastically-expanded network. While the IT industry is still developing these solutions, many smart city projects are pushing ahead, creating the possibility of smart solutions built on vulnerable technology, or environments that cannot be completely secured. To avoid critical security issues, it is imperative that smart city ambitions don't overtake the security reality.