It's happening all around us. Cybercrimes are increasing rapidly as we transition into online sales and digital payment methods and increase our use of mobile electronic devices. By 2022, CSO, an online magazine for Chief Security Officers, reports that more than six billion people will be connected online, representing an increase from the current 3.8 billion internet users, which already represents 51% of the world's population. This increase in both the numbers of people using digital devices and the plethora of devices in use will provide cybercriminals attack opportunities never before imagined. The cost of cybercrime worldwide will increase beyond $6 trillion annually, making the opportunities well worth the risk for cybercriminals.
Providing effective security against these cybercrimes will become increasingly complex and difficult to deliver as cybercriminals exploit new techniques to bypass the security of organisations and individuals. Already, they are causing damage, disrupting sensitive data and stealing vast amounts of intellectual property, as well as robbing citizens and businesses. The increase in these crimes is getting everyone's attention. Surveys show that a majority of people believe their organisations are unlikely to be able to detect a sophisticated attack.
Will we forever be at the mercy of these cybercriminals then? Perhaps not, as we enter the era of smart cities.
The smart city is an urban area which employs a variety of electronic sensors to collect data and manage operations about the environment, safety and security, operation and use of resources throughout a city, which can be used to efficiently to manage assets and resources within the city, as well as provide greater protections for its inhabitants. Smart cities of today are incorporating air quality and pollution levels as well as using video sensors to manage crime.
Technology giant IBM says smart cities as, "INstrumented," "INterconnected," and "INtelligent." This "IN3" concept will help to deter crime by having appropriate sensor instrumentation implemented throughout the city and, in turn, interconnected to allow free and rapid flow of information throughout the network. By doing so, the smart city will indeed become a more intelligent place.
Will it provide greater safety and security from cybercrime, or does it in itself provide a greater opportunity for mischief?
The answer is, "Yes" on both counts. Since anytime digital devices will be implemented for use in monitoring, they will provide opportunities also for access to criminals. However, smart cities will be far better equipped than today's cities to handle the onslaught.
First of all, smart cities and their technology will become more and more invisible to individuals within the cities, becoming a ubiquitous presence in the surroundings. This also means that the city will be monitoring its citizens' every move.
For example, the Bristol "shadowing" project was a joint venture of the University of Bristol and the Bristol City Council in Britain, with the objective of creating an "open, programmable city region." The project was developed as an initiative for public art. Using custom-built infrared sensor systems, which were added to street lamps in late 2014, the project could record the shadows of pedestrians walking by.
These shadows were then projected back through the street lights for other pedestrians to see. This playful exhibition demonstrates how smart city surroundings will be recording and viewing movements in the city. In the future, this "art" may be used by law enforcement to track both pedestrian and vehicular traffic and to solve crimes.
Smart cities will also need to be equipped to secure and track their data. Digital Access Control (DAC) systems will need to be incorporated into smart city infrastructure to ensure that only authorised officials have access to smart city data. DACs are and will remain crucial in protecting city services from cyber threats, malicious activities or alterations of data.
Smart access lists will also need to be devised to ensure that only appropriately authorised personnel will have access to the required information. City officials must be segregated by duties and responsibilities in the database and authorised access to the data and networks only when absolutely necessary for their work responsibilities.
Smart cities will incorporate privacy enhancing technologies (PET) as well. Privacy enhancing technologies include tools, applications and mechanisms that can protect personal information, or provide secure procedures for handling different services.
This "coherent system of information and communication technology measures" as defined by the European Commission, "protects privacy by eliminating or reducing personal data" and prevent unnecessary or undesirable processing of data. Examples of these tools include ad blockers, cookie removers, malware detection, site blocking, and encryption mechanisms. A great many other tools are currently under development and will be incorporated as more smart cities come online.
City CERTs
Another key aspect of future smart cities will be the city Computer Emergency Response Team, or CERT. This group of cybersecurity experts drawn from both public and private sectors will provide a crisis response for cyber issues, just as the fire or police departments do today for emergencies. The CERT will develop and implement detailed plans for emergencies that provide both accountability and responsibility based on the nature of the cyber emergency.
Additional business best practices that can help today in preventing or mitigating cybercrime include end-to-end encryption, isolation of trusted sources from public sources, implementation and use of strong password policies, and up-to-date firewalls and antivirus software on all devices. Also make sure to include audit logs of transactions. In addition, for the dreaded ransomware, and other cyber breaches, regular data backups are a must.
Will smart cities provide a brighter, cybersecure future and enable us to reduce the expected wave of cybercrimes? Maybe. The real answer lies with each one of us, who must take responsibility by guarding our information, developing complex passwords and using them, encrypting our data and backing up our files. You are the first link in the cybersecurity chain.
(Iyengar is a distinguished Ryder Professor and Director, School of Computing and Information Sciences, Miami; Miller has been with US Air Force for over two decades and is Coordinator, Discovery Lab, Florida International University)
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks