Preventing the Breach in a City’s Digital Walls
Cities use to defend themselves with walls, trenches, and moats, but how does a city defend itself against cyberattacks and modern criminals and threats? Our latest article looks into how modern cities face these issues and what security tools are being used.
In times gone by, one of the ways cities, and even countries, defended themselves against attack, was by building walls. We can still see the remnants of some of these walls today, think of Dubrovnik, Carcassonne, Hadrian’s Wall and the Great Wall of China. Today, cities still need defence from attack, but it is the digital city, rather than the physical city, that is under constant threat.
Cybercriminals have steadily been turning their attention to the state and public entities, rather than corporate organizations and citizens, because the greatest weaknesses and opportunities can be found in the public sector. When we talk about GovTech, we overlook how all-encompassing it is; every aspect of a citizen’s life and well-being from health and education to water and energy supply falls under the GovTech umbrella. It also applies to the resilience and sustainability of the city, from meeting the SDGs by 2030 to combatting climate change and achieving Net Zero by 2050. So the wily cyber villain can pick on one of many weak spots to launch an attack.
Breaching the City’s Ramparts
The cast of characters who try to hack into computer installations is many and varied, ranging from bored and inquisitive teenagers to international terrorists. The majority of successful incursions usually are ransomware attacks, where some or all of a victim’s data is encrypted and can only be unlocked via a key which is delivered on receipt of the ransom. Like with all kidnappings, the decision to pay or not is a difficult one. Some notable ransomware attacks against public bodies include:
The City of Baltimore was hit in 2019 by the RobbinHood malware. This virtually brought the city to a standstill, billing for rates and taxes could not be processed, real estate transfers could not take place and the police could only be accessed via a 911 call. While the city refused to pay the hackers, they lost millions in revenue. Despite the City of Baltimore taking remedial action to prevent future attacks, the Baltimore County Schools System got hit in November 2020, having ignored attacks on other US schools.
A malware that was infiltrated into the Ukrainian tax system in order to compromise the Ukrainian Government had a disastrous ripple effect on companies such as Maersk and Mondelez. NotPetya was, and still is, highly contagious and dangerous. In fact, most of the malware we have heard of, such as Wannacry, Locky, Ryuk and Bad Rabbit, are still circulating and causing harm. What is even more disturbing is that if you want to enter the world of cybercrime, you do not even have to be proficient in coding; you can just opt in for RaaS, Ransomware-as-a-Service.
Why Cities are such a Good Targets
Cities have such a wide range of services and platforms, often operating in silos and using legacy systems, that there are plenty of backdoors for cyberthieves. While the easiest way to get in is usually through human weaknesses and employees who open malicious emails or click on an unsecured website, there is also the huge opportunity presented by IoT devices, such as temperature and air quality sensors. Older sensors were not always equipped with anti-spyware software, and generally do not have much room for the necessary code to protect against cyberintrusion. A frontline of edge servers, which manage and control the IoT out in the streets, is essential for evaluating the input from the various sensors, and quarantining anything suspicious, but not every city has got round to that. This is why GovTech has become so important, because it embraces all the digital aspects of a city in a holistic and coordinated manner. This also makes it susceptible to ransomware and other attacks if it does not have comprehensive cybersecurity.
The Rise of the Digital Twin
Defining exactly what constitutes a digital twin depends pretty much on what industry is using it and for what purpose. For instance, in the automotive industry it can vary from a virtual map of the wiring harness in a vehicle, to a complete analogue of a customer’s car, used by Tesla to manage remote maintenance and protection.
Cities have not been slow to grasp the concept, Especially in Asia, with Singapore, Shenzen and Shanghai adopting the concepts. The US and Europe are not lagging far behind, though; cities that come to mind are Boston, Las Vegas, Antwerp (port cities are a special case) and Helsinki. While the scope and scale of what the digital twin manages may differ from city to city, generally they have the beneficial effect of:-
- breaking down municipal silos
- providing a holistic view of the city and its services
- mitigating risks and events, from small problems like a local fuel spillage to major disasters like floods and fire, through proactive advice of an impending threat
- massive cost savings and our focus, forming a coherent and unified platform against cyberattack
Europe is aware of the potential of the digital city, and the Netherlands is playing a leading role in this space.
European and Dutch Oversight Protecting GovTech
Europe has taken the first steps to designing and building digital city models across six “lighthouse” cities in its Horizon 2020 project. The intent is to come up with reusable models that can be adopted by other European cities and towns, based on the designs of Madrid, The Hague, Budapest, Lyon, Oslo and Porto. While the focus of these twins is on logistics and mobility, it is clear that cybersecurity is an essential component of managing a city’s logistics. This has given rise to technologies building cybersecurity digital twins to protect the digital city.
The Hague and Rotterdam have made some serious inroads to building a number of digital twins. The Hague has commissioned Arup to build a digital twin of the Dutch government’s County Hall building (see p92). While the primary focus is to optimize heat emissions to reach Net Zero by 2040, the project incorporates robust cybersecurity to ensure none of the thousands of IoT sensors can be breached.
Rotterdam intends to become the world’s smartest port. While this requires the construction of a digital twin, that twin must be secure against cyber threats. Earlier this year, various vulnerabilities were identified within the port. These will be addressed by a comprehensive cybersecurity initiative, in collaboration with FERM-Rotterdam and as part of Rotterdam’s role as a city of innovation. With the supporting research and education provided by TU Delft, Leiden and Erasmus universities, South Holland will be investing much time and resources in ensuring that the Netherlands’ cities are secure against cyberthreats, as well as providing models for adoption by other cities and countries.