Safeguarding citizen services: A new vision of cybersecurity
Atos Director, Global Strategy Smart X
One night in April some years ago, more than 150 emergency sirens blared for hours across the city of Dallas. But there were no tornadoes on the horizon. Texas was not being invaded by aliens or coming under attack from zombies. Instead, unidentified hackers had found their way into the city’s IT systems and decided to set off all the sirens — apparently just for fun.
What may seem like a harmless prank actually raises very serious issues for public administration. Simply put, how will the residents of Dallas ever trust the sirens again? From now on, will they just assume that hackers are at work? Will they ignore the sirens, possibly with terrible consequences?
With just one cyber attack, decades of trust in a vital public service was lost overnight.
That is the major cybersecurity problem now facing city authorities and national governments. As more and more citizen services move online — from paying taxes to finding parking spaces to booking medical appointments — our vulnerability to attack is increasing exponentially. Just one successful cyberattack can destroy the reputation of a service and undo years of hard work and investment.
Imagine if criminals hacked into a navigation app to divert traffic and cause chaos in the streets; or if hackers used a malware worm like WannaCry to take down a city’s entire IT network. People who rely on the network for public assistance payments or healthcare services would be completely cut-off with nowhere to go. They would never fully trust the city’s services again.
To avoid such a catastrophe, cities must adopt a new, holistic approach to cybersecurity. It’s not enough to attempt to protect an organization’s perimeter with firewalls. There must be a proactive attitude, based on assessing and monitoring risks, protecting services against known vulnerabilities and threats, and anticipating future threats.
Cybersecurity is no longer only about protecting national secrets and military institutions. It is about safeguarding our everyday life as citizens.
A 360-degree approach to cybersecurity
As a first step, public organizations must understand the specific risks they face and how to protect critical assets from attack. Data security solutions for preventing attacks include anonymization, encryption, and ID & access control, as well as services such as detecting advanced persistent threats (APTs). On the detection side, increasing numbers of organizations are now using the services of security operation centers to carry out real-time monitoring. These centers deploy sophisticated behavioral analytic tools to pinpoint potential incidents in real time. When it comes to response and remediation, public bodies are establishing cybersecurity incident response teams to coordinate effective and efficient decision making that can neutralize attacks and respond to evolving threats.
These three elements need to work together to form a continuous cycle of improvement. Cyber threats are evolving all the time, becoming more determined and more sophisticated. Public organizations must make sure they stay one step ahead as they invest continuously in developing new services for their users.
Finally, it is important for citizens to be informed that their data is being used to power new services, and educated about how to act responsibly to protect their devices and data.
Powering public services
Data is the new currency of the digital age. Powering a new era of online services, data is becoming as important a utility as water, food and electricity. Cybersecurity is the key enabler of this revolution. As consumers, we already trust the likes of H&M and Amazon with our personal data when we buy clothes and books online. We now need to develop the same level of trust in online citizen services.
In the public sector, however, the stakes are much higher. If your book or coat is delivered late because of connectivity and encryption problems it’s a minor inconvenience, but losing a patient because of a Denial of Service (DoS) attack would be a disaster for any healthcare authority. The development of citizen-centric digital services is raising the bar for cybersecurity. People must have complete trust that their personal data is being protected and secured, or they will not use those services.
Cities employ an open data approach, sharing data from various sources on one platform to develop new citizen-centric services in complete security. These services are enhancing the quality of public life, improving public administration, and providing greater safety to city residents.
For example, consider a solution that makes the streetlights flash blue when there is a sudden deterioration in air quality — such as following a fire at a chemical plant.
The lights are securely connected to air quality sensors using IoT technology. Previously, it would have taken hours for the fire services and other authorities to organize a city-wide alert. Now, a potentially life-saving warning can be issued almost instantaneously.
With data volumes growing exponentially, the main challenge is not to combine the right data from the right places, but to secure these increasing volumes of data and make sure that the data is available 100% of the time — only to the right people.
However, if the hypothetical streetlights above flashed blue just once because of a hacking attack, people might never believe in the system again. If the brave new world of digital innovation is to fulfill its potential, citizens must have complete trust in these solutions. The mission of cybersecurity is to enable that trust, and safeguard a new era of citizen-centric public services.