On Thursday, September 28, Andreas Kuehn, Senior Program Associate, will give a talk titled “Towards Cyber Resilience: Policy Challenges for Securing IoT” at the 5th Europol-INTERPOL Cybercrime Conference. He is joined by Microsoft’s Benedikt Abendroth, Senior Cybersecurity Strategist. The event will be held at Europol’s headquarters in The Hague on September 27-29. The panel — consisting of senior law enforcement officials, industry experts and technologists — addresses current and emerging challenges from the Internet of Things.
Q: What is EWI bringing to the Europol-Interpol Conference this year?
EWI appreciates the opportunity to participate in the Europol-Interpol Conference, which offers a unique venue to engage with law enforcement, public safety officials and industry representatives. IoT for public safety and security, particularly law enforcement and first responders, have received much less attention compared to other applications areas for cities. In particular, we look forward to discussing the importance of cyber resilience – the idea that complex systems need to be designed to reflect the rapid change in disruptive technologies, and the need for information security and business continuity. We believe that law enforcement is a key partner in such initiatives as cyber resilience is a necessity to ensure public safety and security in a smart city, both in the cyber and the physical realm.
Q: What is the growing relevance of IoT in the cybersecurity space?
Internet-of-Things technologies are actively being used by consumers, enterprises, cities and governments today. Yet, securing IoT remains a major challenge, given the large number of devices, lack of security and an ever expanding IoT ecosystem. The Mirai Botnet attack last year, where nearly a million users across Europe were thrown off the internet after criminals tried to hijack home routers as part of a coordinated cyber attack, gave us an idea of how IoT devices can be harnessed for DDoS attacks.
EWI, together with its partners, Microsoft, Palo Alto Networks and Unisys, have set out to produce a guide that describes key elements towards successfully securing IoT in cities’ networks. The guide references best practices, relevant standards and frameworks to manage IoT cybersecurity in an urban environment. The digitalization of cities has led to a transformation of how services are delivered – providing compact guidance through the EWI guide to raise cybersecurity awareness of senior city officials and leaders is critical to keeping smart cities safe and secure.
Q: How are these topics relevant to global security and the current trends in cyberspace?
Modern urban areas will increasingly become recognized as the prime locales where digital activities will continue to evolve. IoT brings an entire host of new challenges as cities will face significant disruption due to complex services and technical dependencies. Ransomware targeting key city functions, such as emergency response communications or dispatching services is just one example. When complex, tightly coupled systems fail, there is potential for “failure propagation” – in a metropolitan area with millions of residents, the impact could be very significant.
We need to remind city leaders that cyber doesn’t end at the city’s border. What responsibilities do cities face when deploying IoT in critical functions? What are inward facing risks versus outward facing risks? These are issues that EWI and its partners delve into - what would happen if a city’s combined IoT devices would be orchestrated to attack another city, possibly in a different country?
Unfortunately, IoT deployment today, particularly in cities, is hardly assessed with an eye on global security implications. In terms of international security, one can easily think of scenarios where vulnerabilities in such connected devices could be exploited to further destabilize regional security in an area already smoldering with conflict. Again, cyber resilience is a critical tool to ask the right questions for assessing risk and building up capabilities and capacities to prepare respond and reinvent before, during and after a cyber incident.
Q: How is EWI playing a role to bring attention/push for cooperation/solutions to these topics?
EWI is engaged in a long-term process through its breakthrough group that focuses on key questions regarding cyber resilience, public safety, cybersecurity and privacy, as well as governance for smart city initiatives. Sister breakthrough groups focus on systemic risk and cyber insurance as well as on procurement requirements for ICT services and products and cyber supply chain risk – both of these broader issues are relevant in the context of securing smart cities.
Representatives of our corporate partners from the global ICT industry as well as government officials take an active part in the process. Most recently, we held the Palo Alto Progress Roundtable in early September, convening regulators, city officials, and industry experts from China, India, Russia, and the United States to discuss, debate and formulate potential solutions to these pressing issues.