Disruptive technologies for smart cities - Cybersecurity
Author: KISMC team
This article continues the series on disruptive technologies for smart cities that we started publishing in April 2020.
It is the result of the ongoing Erasmus+ project Smart technologies by design (Smart by Design) and is based on the outputs produced by the project partners GAIA & DEUSTO and ARIES T.
Current status
Cybersecurity consists of the tools, policies, guidelines, risk management, actions, training and technologies that users rely on to protect their virtual environments. These include the concepts that establish network security. Nowadays, a great deal of information from users and enterprises, such as personal data, banking information, passwords, purchases and bookings, is transmitted online. Transmitting all this information poses a risk to the security of both individuals and enterprises, so cybersecurity management is vital to keep safe all the activity that takes place on the internet.
Cybersecurity is an aspect that companies must deal with in order to carry out their activity in the current environment. Virtually all companies will suffer cyber-attacks during their lifetime. It is therefore important for companies to establish defence programmes and strategies against these attacks (Jaramillo, H et al., 2015). Experts believe that cybercrime will generate annual losses of 6 trillion dollars by 2021, as cybercrime is the fastest growing crime in the world. Although spending on security will be higher than a trillion dollars between 2017 and 2021, it will not be able to cope with the growth in attacks that is expected to occur. These data show that, however hard one fights against it, cybercrime is the greatest threat to the majority of enterprises and users in the world.
The platforms
Because security touches so many different areas, there is a wide range of cybersecurity solutions. Some of them are:
- Accenture
- Comodo
- Eset
- Cradlepoint NetCloud
- Lookout Mobile Security
- Random.org
- StaySafeOnline
- FCC Small Biz Cyber Planner 2.0
- Symantec
- Cloudflare
- NS Focus
- CSID
- HTTPS Everywhere
- Social Engineer
Existing standards
With regard to cybersecurity, several standards and regulations are in place or being developed by different entities. The most noteworthy are the ISO standards and those developed by ETSI.
ISO standards on cybersecurity include:
- ISO/IEC 27001: Specifications for a good information security management system in organisations
- ISO/IEC 27032: provides a secure framework for the exchange of information, incident management and coordination to make processes more secure.
The European Telecommunications Standards Institute (ETSI) has published the following, although it is still working on new specifications:
- TR 103 421 CYBER; Network Gateway Cyber Defence
- TR 103 306 CYBER; Global Cyber Security Ecosystem
- TS 103 307 CYBER; Security Aspects for LI and RD Interfaces
- TR 103 305 CYBER; Critical Security Controls for Effective Cyber Defence
- TR 103 331 CYBER; Structured threat information sharing
- TR 103 304 CYBER; Personally Identifiable Information (PII) Protection in mobile and cloud services
- TR 103 369 CYBER; Design requirements ecosystem
- EG 203 310 CYBER; Quantum Computing Impact on the security of ICT Systems; Recommendations on Business Continuity and Algorithm Selection
- TR 103 303 CYBER; Protection measures for ICT in the context of Critical Infrastructure
- TS 103 487 CYBER; Baseline security requirements regarding sensitive functions for NFV and related platforms
- TR 103 308 CYBER; Security baseline regarding LI and RD for NFV and related platforms
- TR 103 309 CYBER; Secure by Default - platform security technology
Key applications
As the number of networked systems and devices prone to external attacks grows, cybersecurity needs to be considered in a range of fields:
- Mobile devices
- Email security
- Signing of documents
- Smart cards
- Robust authentications
- Counterfeiting prevention
- Virtual private networks
- Secure communications
- Software development
- Online validations
- Unique signatures
Expected evolution over time
Platforms
In order to deal with future cybersecurity problems, various aspects of security must be taken into account (David, C. 2015):
- The malware that attacks users and enterprises is becoming smarter and is operating more independently. New cybersecurity platforms must therefore be more sophisticated and must evolve to deal with this malware.
- All new products and services based on the internet of things must consider the security and privacy intrusions they may cause. These products generate a lot of information and collect sensitive data from users, so companies must be very careful when establishing their privacy policies.
- Cloud-based systems are growing in volume, making them more vulnerable to external attacks. As the number of devices connected to the cloud grows, new attacks are expected, and new defence platforms will appear in response.
- Smart Cities will contain an increasing number of new elements such as traffic, automation and lighting controllers. These will bring new vulnerabilities that cybersecurity experts should consider. At present, there is only a small number of cybersecurity professionals, so many organisations that would like to enter the global digital economy cannot do so because they lack staff who are subject matter experts.
Hence, these organisations will find it difficult to establish security policies and strategies by themselves and will have to resort to external professionals. This is why security vendors will design open security platforms intended to engage the highest number of companies in these issues.
Standards
As to future standards and regulations, the European Commission is striving hard in this area (Díaz Vico, J. 2015). In May 2017, the EC announced new initiatives and legislation on online platforms, cybersecurity, and the new economy based on information management, in order to address some of the weaknesses of the digital single market.
With regard to cybersecurity, the Commission stated that at the end of 2017 it will review the current strategy and the mandate of the European Network and Information Security Agency (ENISA) and promote new measures on safety standards related to the digital realm, certification and labelling so that new “objects” have greater security.
Potential applications
According to the Definition of cybersecurity business framework based on ADM-TOGAF (Jaramillo, H. D et al., 2015), the potential applications in the cybersecurity area are:
- Big Data: with exponential growth in information volumes through new devices, cybersecurity must grow and adapt to the new requirements so that criminals cannot seize this information.
- Machine learning: in this field professionals can process information more efficiently and predict attacks with more ease.
- Health: cybersecurity can play an important role to protect medical equipment from threats.
- Internet of Things: protection of the ever-increasing number of objects that will have networked connections.
- Artificial Intelligence
- Drones
- Smart Cities
- Robotics