Overcoming the Cybersecurity Challenges of Smart Cities

Dr. Saeed Al Dhaheri

Chairman,

@DDSaeed

Towards Dubai 2020 Smart City Conference, University of Dubai, 15th January 2017

Overcoming the Cybersecurity Challenges of Smart Cities

Agenda• Introduction: Cybersecurity threats

• Cybersecurity landscape

• Examples: threats and incidents

• Smart City: what does it mean?

• Security of Smart Cities: 3 main factors

• Enabling Technologies for Smart Cities

• Cybersecurity Challenges and Solutions

• Cybersecurity Initiatives in UAE

INTRODUCTION: CYBERSECURITY THREATS

• Our society is now more vulnerable to cyber threats as we become more digitalized

• Half a million cyber attack each minute – Fortnet report

• The more connected IoT the more threats and risks

• 6.8 Billion IoT in 2016 expected to reach 20 Billion by 2020 – Gartner

• The more data recorded and stored in different locations the more threats

• Every two days the world create more data than the history of human kind until 2003

• Cyber attacks are getting more frequent and complex ----< smart city echo systems becomes more vulnerable

• Increasing global trend to implement smart city initiatives

• More than 1000 smart city initiative by 2025

Can we maintain privacy and security of smart city?

Risks not only restricted to Loss,theft, and financial but touchesLives of people

CYBERSECURITY LANDSCAPE IS GETTING COMPLEX

• Organizational boundaries disappeared (anytime, anywhere, anyhow computing)

• Hackers become more intelligent with the new smart tools –< more complex and intelligent attacks

• Attacks exploit the weakest link in the value chain

• More advanced tools for discovery and protection

• Intelligent worms targeting IoT devices (wearables ,smart watches,,,etc)

• Jail breaking the clouds and VMs

• Ghostware to conceal attacks

• Blastware destroys or disable when detected

• Ransomware

Video Cameras are a leading source of DDoS attacks

EXAMPLES: THREATS

• Possible threats:

• Hacking into Energy plants and manufacturing systems

• Hacking medical devices (pacemakers,,,etc)

• Hacking autonomous driving cars, or traffic lights network

• Hacking satellites

• Hacking financial and banking systems

• Hacking smart home systems

• Hacking Drones

Security & Risk management planning for smart cities becomes necessary

EXAMPLES: CYBERSECURITY INCIDENTS

DDoS attsck causes massive Internet outage in East Cost

EXAMPLES: CYBERSECURITY INCIDENTS

• Attack resulted in people using transportation for free• < 2000 devices were compromised

“You Hacked, ALL Data Encrypted. Contact ForKey(cryptom28@yandex.com)ID:681 , Enter”. Ransom of 100 Bitcoin ($70000)

27/11/2016

SMART CITY: WHAT DOES IT MEAN?

• “A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects”.

• Key attributes:

• Sustainability

• Quality of life

• “Smartness” or Intelligence

Urban Dimensions

People Living

Governance

Environment

Mobility Economy

ITU Definition

SMART CITY: WHAT DOES IT MEAN?

PREDICTIONS

• 90% of cities in 2016 will lack comprehensive policies for Drones, sensors, and IoT –<increased cybersec risks - IDC smart city 2016 predictions

• In 2017 at least one mid-size to large city will suffer a cyber attack that will impact its ability to effectively function for one day. IDC

SECURITY OF SMART CITY: 3 FACTORS

• Public Safety

• Privacy

• Technologies and ICT Security

SMART CITY ENABLING TECHNOLOGIES

IoT

Cloud computing

Smart and mobile devices

Drones

Artificial Intelligence

Social Robotics

Social Media

Blockchain

3D Printing

Big Data Analytics

Renewable Energy Open Data

All those technologies are subject to cybersecurity risks. Protection requires Cybersecurity strategy

CYBERSECURITY CHALLENGES AND SOLUTIONS

• Insecure IoT devices and insufficient testing• IoT devices easy to be hacked• No encryption for data or communication, and no access control standard• A study: < 200,000 traffic control devices in major cities around the world are vulnerable• IoT vendors don’t emphasize security or provide weak security

• Solutions:• Strong security criteria and standards for IoT devices• Data encryption and traffic encryption between IoT and Data Centers• Securing stored data, and policies• Conduct penetration testing after installation • Choose reputed vendors who offers strong security

CYBERSECURITY CHALLENGES AND SOLUTIONS

• No clear structure and governance for cybersecurity in the smart city initiative

• No clear leadership

• No Security Operations Center SOC

• No Smart City Risk management plan

• Solutions:

• Clear cybersecurity leadership and structure

• Example: Dubai electronic security center

• Appoint Chief Information Security Officer on a city level

• Clear roles and responsibilities for all concerned parties

• Risk management plan

• More collaboration between stakeholders are needs

CYBERSECURITY CHALLENGES AND SOLUTIONS

• Skill shortage in cybersecurity

• Solutions:

• Determine needs and coordinate with universities and training

centers

• Encourage UAE locals to study Cybersecurity and provide

scholarships

• Continue investing on training existing resources

• Provide incentives in the public and private sectors

CYBERSECURITY CHALLENGES AND SOLUTIONS

• Lack or insufficient legal framework and regulations

• Solutions:

• Review and amendment of the laws and regulations

• UAE law no 5 for 2012 for e-crimes

• International collaboration is required

• Training law enforcement and judicial staff to deal with cyber crimes

CHALLENGES AND SOLUTIONS

• Lack of Cybersecurity awareness among customers and employees

• Solutions:

• More Awareness campaigns

• Inside gov organizations for staff

• For customers

• Cooperation between law enforcement and citizensSalim aeCERT initiative

CYBERSECURITY CHALLENGES AND SOLUTIONS

• Budget problem

• Solutions:

• Need leadership awareness about importance of cybersecurity

• Partnership programs through PPP to execute Smart city initiatives

UAE CYBERSECURITY INITIATIVES

• On the Federal level

• National Electronic Security Authority – NESA

• Computer Emergency Response Team – AE CERT

• On the local level

• Dubai Electronic Security Center

• Abu Dhabi Systems & Information Center – ADSIC

• On the private level

• Smartworld Cybersecurity Center

• Dark Matter

DUBAI ELECTRONIC SECURITY CENTER

• To secure the government network and information systems, and develop Dubai Info sec policy and supervise its implementation

• Counter act the cybercrimes

• Develop Dubai cyber security strategy

• Focus on innovation in cybersecurity and spreading awareness

OVERVIEW OF SMARTWORLD Smartworld and The Kernel joined hands to build the first cybersecurity center in the ME region, which will train UAE nationals in cyber security and provide round-the-clock advanced security monitoring along with cyber threat management to government and private sector companies in the UAE.

Training Services

Focused on Cybersecurity in Software, Networks, and Social Engineering.

Exclusive Training Programs designed by The Kernel and Smartworld.

International Certification Programs (ISC2, ISACA, SANS).

Vendor Product Training.

Security Auditing and Reporting.

Penetration testing, attack simulation, controlled DDoS testing.

Consultation and Security Solution Design

Assess

Verify

Protect

WebConvot WAF Web Application

Firewall

Yubikey Multi-factor

authenticator

WebPurifier UTM

Unified Threat Management

ElcomesoftRecovery and analysis suite

OxygenMobile forensics

toolkit

EgoSecureEndpoint Security

Products

SECURING SMART CITIES INITIATIVE

• Global non–profit initiative to find solutions to overcome smart cities cybersecurity challenges• Focus on cooperation between cities, companies, and governments and int orgs and individuals• Guidelines about Info sec for Smart cities• Provide a repository of research papers

End