[BreachExchange] For a more secure world, cities must share information on cyber-attacks - experts

Fri Apr 27 18:13:52 EDT 2018

http://news.trust.org/item/20180427141904-suktr/

With a few clicks of his mouse, and helped a little by the fact that the
person he was targeting had no password, Thomas Stasch quickly hacked into
the home system of a stranger in Germany.

But then, seconds before plunging the person's household into darkness by
switching off their lights, he stopped.

Stasch was showing an audience in Bonn how simple it is to hack
interconnected digital systems - often termed the "internet of things" -
such as elevators, baby monitors and home heating.

"It's becoming easier and easier," he said during a conference on building
resilient cities.

Stasch advises cities on vulnerabilities and digital strategy, and he warns
of a dark side to the trendy technology.

Digital security is particularly acute for cities, which hold reams of
valuable personal data - from tax information to welfare benefits and
parking fines. That makes citizens and local governments valuable victims,
he said.

To date, he told the gathering, the focus has been on the functionality of
digital systems rather than their security. But that will change.

"It's only a matter of time before you have problems, and so we should deal
with (cyber attacks) like a national catastrophe - you know it will come
and you have to be prepared," he warned.

INFORMATION IS POWER

One solution to improve cyber-security resilience is for city officials to
talk more openly about attacks they have endured, said Paul Argyle, who
advises the mayor of Greater Manchester in Britain.

"We need to accept it doesn't necessarily mean you've done anything wrong
if you've been attacked. We need to start sharing all that information," he
said.

Manchester is striving to be recognised as a global digital 'smart city',
and recently hosted a series of digital summits to push its reputation as
Britain's leading interconnected region.

Encouraging tech start-ups, investing in digital research and introducing
smart ticketing on public transport so that passengers can use one ticket
to ride a bus, tram or bike are some of the measures being taken, Argyle
told the Thomson Reuters Foundation.

Hospitals in the city were last year affected by the 'WannaCry' ransomware
attack that infected computers and crippled hospitals, banks and companies
across the globe. Britain and the U.S. held North Korea responsible.

"We know we will be attacked in different ways, in different parts of our
city," Argyle said.

Local municipalities needed to accept that they would be vulnerable and
likely unable to defend themselves against organised crime or state-led
cyber attacks, he said, but they can improve their resilience by talking to
other cities.

"We need an international convention," Argyle said, suggesting an agreement
similar to the Paris climate accord, as that could lay out universal
standards on cyber-security.

'WILD WEST'

On May 25, the European Union's General Data Protection Regulation (GDPR)
is set to enter into force.

Experts say it will be the biggest overhaul of privacy rules since the
birth of the internet, giving the public more control over how their data
is used, and requiring businesses to report data breaches within 72 hours.

For Roman Mendle, smart cities program manager at ICLEI, a global network
for local governments, it is not the technology itself that is to blame,
but rather the value systems and ethics behind them - which are led by
people.

He said digital technology could enhance cities, for example by managing
water systems or carrying out a population census, but warned that such
systems alone were not a panacea and could become yet another
infrastructure layer to manage.

"The more you rely on certain systems ... you're transferring dependency on
to the new system," he said.

He also agreed an international framework was needed.

"At the moment we're in a Wild West situation," he said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180427/fcc7231f/attachment.html>