One night in April this year, more than 150 emergency sirens blared for hours across the entire city of Dallas. But there were no tornadoes on the horizon. Texas was not being invaded by aliens or coming under attack from zombies. Instead, unidentified hackers had found their way into the Dallas IT system and decided to set off all the city’s sirens, apparently just for fun.
What may seem like a harmless prank in fact raises very serious issues for public administration. Put simply, how will Dallas residents ever trust the sirens again? From now on, will they just assume that hackers are at work and ignore the sirens, possibly with terrible consequences?
With just one cyberattack, decades of trust in a vital public service was lost overnight.
That is the major cybersecurity problem facing city authorities and national governments now. As more and more citizen services move online, from paying taxes to finding parking spaces to organizing medical appointments, our vulnerability to attack is increasing exponentially. And just one successful cyberattack can destroy the reputation of a service and undo years of hard work and investment.
Imagine if criminals hacked into a navigation app to divert traffic and cause chaos in the streets. Or if hackers used a malware worm like WannaCry to take down a city’s entire IT network. People who rely on the network for welfare payments or for healthcare services would be completely cut off, with nowhere to go. They would never fully trust the city’s services again.
To avoid such a catastrophe, cities need to adopt a new, holistic approach to cybersecurity. It is not enough just to try to protect an organization’s perimeter with firewalls. There needs to be a proactive attitude, based on assessing and monitoring risks, protecting services against known vulnerabilities and threats and anticipating future threats.
Cybersecurity is no longer only about protecting national secrets and military institutions. It is about safeguarding our everyday life as citizens.
A 360-degree approach to cybersecurity
As a first step public organizations need to understand the specific risks they face and how to protect critical assets from attack. Data security solutions for preventing attacks include anonymization, encryption and ID & access control, as well as services such as detection of Advanced Persistent Threats (APTs).
On the detection side, increasing numbers of organizations are now using the services of security operation centers to carry out real-time monitoring. These centers deploy sophisticated behavioral analytic tools to pinpoint potential incidents in real-time.
When it comes to response and remediation, public bodies are establishing Cyber Security Incident Response Teams to coordinate effective and efficient decision-making that can neutralize attacks and respond to evolving threats.
These three elements need to work together to form a continuous cycle of improvement. Cyber threats are evolving all the time, becoming more determined and more sophisticated. Public organizations need to make sure they stay one step ahead as they invest continuously in developing new services for their users.
Finally, it is important for citizens to be informed that their data is being used to power new services and educated about how to act responsibly to protect their devices and their data.
Powering public services
Data is the new currency of the digital age. Powering a new era of online services, data is becoming as important a utility as water, food and electricity. Cybersecurity is the key enabler of this revolution.
As consumers, we already trust the likes of H&M and Amazon with our personal data when we buy clothes and books online. We now need to develop the same level of trust in online citizen services.
But in the public sector, the stakes are much higher. The late delivery of a book or a coat because of connectivity and encryption problems may be a minor inconvenience. Losing a patient because of a Denial of Service (DoS) attack would be a disaster for any healthcare authority.
The development of citizen-centric digital services is raising the bar for cybersecurity. People need to have complete trust that their personal data is being protected and secured, or they will not use those services.
At Atos, we are helping many cities evolve an Open Data approach, sharing data from various sources on one platform to develop new citizen-centric services in complete security.
These services are enhancing the quality of urban life, improving public administration, and providing greater safety to city residents.
For example, in Eindhoven in the Netherlands, we have developed a solution that makes the street lights flash blue when there is a sudden deterioration in air quality, for example following a fire at a chemical plant. The lights are securely connected to air quality sensors using Internet of Things technology. Previously, it could take hours for the fire services and other authorities to organize a city-wide alert. Now, a potentially life-saving warning can be issued almost instantaneously.
With data volumes growing exponentially, the main challenge is not to combine the right data from the right places. It is to secure these ever-increasing volumes of data and to make sure that the data is available 100% of the time, and only to the right people.
If the Eindhoven street lighting flashed blue just once because of a hacking attack, people might never believe in the system again.
If the brave new world of digital innovation is going to fulfill its potential, then citizens need to have complete trust in these solutions. The mission of cybersecurity is to enable that trust and safeguard a new era of citizen-centric public services.