Date post: | 14-Apr-2017 |
Category: |
Government & Nonprofit |
Upload: | saeed-al-dhaheri |
View: | 172 times |
Download: | 0 times |
Overcoming the Cybersecurity Challenges of Smart Cities
Dr. Saeed Al Dhaheri
Chairman,
@DDSaeed
Towards Dubai 2020 Smart City Conference, University of Dubai, 15th January 2017
Overcoming the Cybersecurity Challenges of Smart Cities
Agenda• Introduction: Cybersecurity threats
• Cybersecurity landscape
• Examples: threats and incidents
• Smart City: what does it mean?
• Security of Smart Cities: 3 main factors
• Enabling Technologies for Smart Cities
• Cybersecurity Challenges and Solutions
• Cybersecurity Initiatives in UAE
INTRODUCTION: CYBERSECURITY THREATS
• Our society is now more vulnerable to cyber threats as we become more digitalized
• Half a million cyber attack each minute – Fortnet report
• The more connected IoT the more threats and risks
• 6.8 Billion IoT in 2016 expected to reach 20 Billion by 2020 – Gartner
• The more data recorded and stored in different locations the more threats
• Every two days the world create more data than the history of human kind until 2003
• Cyber attacks are getting more frequent and complex ----< smart city echo systems becomes more vulnerable
• Increasing global trend to implement smart city initiatives
• More than 1000 smart city initiative by 2025
Can we maintain privacy and security of smart city?
Risks not only restricted to Loss,theft, and financial but touchesLives of people
CYBERSECURITY LANDSCAPE IS GETTING COMPLEX
• Organizational boundaries disappeared (anytime, anywhere, anyhow computing)
• Hackers become more intelligent with the new smart tools –< more complex and intelligent attacks
• Attacks exploit the weakest link in the value chain
• More advanced tools for discovery and protection
• Intelligent worms targeting IoT devices (wearables ,smart watches,,,etc)
• Jail breaking the clouds and VMs
• Ghostware to conceal attacks
• Blastware destroys or disable when detected
• Ransomware
Video Cameras are a leading source of DDoS attacks
EXAMPLES: THREATS
• Possible threats:
• Hacking into Energy plants and manufacturing systems
• Hacking medical devices (pacemakers,,,etc)
• Hacking autonomous driving cars, or traffic lights network
• Hacking satellites
• Hacking financial and banking systems
• Hacking smart home systems
• Hacking Drones
Security & Risk management planning for smart cities becomes necessary
EXAMPLES: CYBERSECURITY INCIDENTS
DDoS attsck causes massive Internet outage in East Cost
EXAMPLES: CYBERSECURITY INCIDENTS
• Attack resulted in people using transportation for free• < 2000 devices were compromised
“You Hacked, ALL Data Encrypted. Contact ForKey([email protected])ID:681 , Enter”. Ransom of 100 Bitcoin ($70000)
27/11/2016
SMART CITY: WHAT DOES IT MEAN?
• “A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects”.
• Key attributes:
• Sustainability
• Quality of life
• “Smartness” or Intelligence
Urban Dimensions
People Living
Governance
Environment
Mobility Economy
ITU Definition
SMART CITY: WHAT DOES IT MEAN?
PREDICTIONS
• 90% of cities in 2016 will lack comprehensive policies for Drones, sensors, and IoT –<increased cybersec risks - IDC smart city 2016 predictions
• In 2017 at least one mid-size to large city will suffer a cyber attack that will impact its ability to effectively function for one day. IDC
SECURITY OF SMART CITY: 3 FACTORS
• Public Safety
• Privacy
• Technologies and ICT Security
SMART CITY ENABLING TECHNOLOGIES
IoT
Cloud computing
Smart and mobile devices
Drones
Artificial Intelligence
Social Robotics
Social Media
Blockchain
3D Printing
Big Data Analytics
Renewable Energy Open Data
All those technologies are subject to cybersecurity risks. Protection requires Cybersecurity strategy
CYBERSECURITY CHALLENGES AND SOLUTIONS
• Insecure IoT devices and insufficient testing• IoT devices easy to be hacked• No encryption for data or communication, and no access control standard• A study: < 200,000 traffic control devices in major cities around the world are vulnerable• IoT vendors don’t emphasize security or provide weak security
• Solutions:• Strong security criteria and standards for IoT devices• Data encryption and traffic encryption between IoT and Data Centers• Securing stored data, and policies• Conduct penetration testing after installation • Choose reputed vendors who offers strong security
CYBERSECURITY CHALLENGES AND SOLUTIONS
• No clear structure and governance for cybersecurity in the smart city initiative
• No clear leadership
• No Security Operations Center SOC
• No Smart City Risk management plan
• Solutions:
• Clear cybersecurity leadership and structure
• Example: Dubai electronic security center
• Appoint Chief Information Security Officer on a city level
• Clear roles and responsibilities for all concerned parties
• Risk management plan
• More collaboration between stakeholders are needs
CYBERSECURITY CHALLENGES AND SOLUTIONS
• Skill shortage in cybersecurity
• Solutions:
• Determine needs and coordinate with universities and training
centers
• Encourage UAE locals to study Cybersecurity and provide
scholarships
• Continue investing on training existing resources
• Provide incentives in the public and private sectors
CYBERSECURITY CHALLENGES AND SOLUTIONS
• Lack or insufficient legal framework and regulations
• Solutions:
• Review and amendment of the laws and regulations
• UAE law no 5 for 2012 for e-crimes
• International collaboration is required
• Training law enforcement and judicial staff to deal with cyber crimes
CHALLENGES AND SOLUTIONS
• Lack of Cybersecurity awareness among customers and employees
• Solutions:
• More Awareness campaigns
• Inside gov organizations for staff
• For customers
• Cooperation between law enforcement and citizensSalim aeCERT initiative
CYBERSECURITY CHALLENGES AND SOLUTIONS
• Budget problem
• Solutions:
• Need leadership awareness about importance of cybersecurity
• Partnership programs through PPP to execute Smart city initiatives
UAE CYBERSECURITY INITIATIVES
• On the Federal level
• National Electronic Security Authority – NESA
• Computer Emergency Response Team – AE CERT
• On the local level
• Dubai Electronic Security Center
• Abu Dhabi Systems & Information Center – ADSIC
• On the private level
• Smartworld Cybersecurity Center
• Dark Matter
DUBAI ELECTRONIC SECURITY CENTER
• To secure the government network and information systems, and develop Dubai Info sec policy and supervise its implementation
• Counter act the cybercrimes
• Develop Dubai cyber security strategy
• Focus on innovation in cybersecurity and spreading awareness
OVERVIEW OF SMARTWORLD Smartworld and The Kernel joined hands to build the first cybersecurity center in the ME region, which will train UAE nationals in cyber security and provide round-the-clock advanced security monitoring along with cyber threat management to government and private sector companies in the UAE.
Training Services
Focused on Cybersecurity in Software, Networks, and Social Engineering.
Exclusive Training Programs designed by The Kernel and Smartworld.
International Certification Programs (ISC2, ISACA, SANS).
Vendor Product Training.
Security Auditing and Reporting.
Penetration testing, attack simulation, controlled DDoS testing.
Consultation and Security Solution Design
Assess
Verify
Protect
WebConvot WAF Web Application
Firewall
Yubikey Multi-factor
authenticator
WebPurifier UTM
Unified Threat Management
ElcomesoftRecovery and analysis suite
OxygenMobile forensics
toolkit
EgoSecureEndpoint Security
Products
SECURING SMART CITIES INITIATIVE
• Global non–profit initiative to find solutions to overcome smart cities cybersecurity challenges• Focus on cooperation between cities, companies, and governments and int orgs and individuals• Guidelines about Info sec for Smart cities• Provide a repository of research papers
End