Technology, people and processes to improve cybersecurity

2021 was a very productive year for cyber criminals. We saw high profile breaches to Solar Winds, Colonial Pipeline and lots of other attacks with significant economic impact. Ransomware targeted large enterprises as well as small and medium businesses, but one of the most worrisome issues was the growing number of attacks towards cities, public bodies, critical infrastructures and supply chains.

Cities will be increasingly exposed to cybercrime. The threat keeps growing as a greater number of Internet of Things (IoT) devices are installed and connected, thus providing a larger attack surface for cybercriminals.

“Cybersecurity risks are an unfortunate by-product of the digital age,” says Gianni Minetti, CEO at Swiss technology company Paradox Engineering. “Unless we fully give up on innovation and digital transformation, we must admit 100 percent cybersecurity is an impossible goal”.

Cyber offenders are not all the same

According to the online survey Paradox Engineering carried out in Autumn 2021, city officers and utility managers believe smart streetlighting and smart waste management are the least attractive applications to hackers, who are thought to be more interested in public wi-fi, video surveillance, energy, water and gas distribution networks, and traffic control.

“We should look at attractiveness from a different perspective”, suggests Minetti. “Connected streetlights, parking sensors and waste bins may not fascinate money-oriented criminals, but even a single LED lamp or smart sensor may become an access point for an attack with a different purpose”.

While “traditional” cybercriminals aim at violating systems and applications to steal money, there are hacktivists using attacks as a form of civil disobedience, espionage experts looking for industrial secrets or intellectual property, and cyber warriors carrying out digital assaults to attack nations and governments.

In this gloomy scenario, the realistic goal for cities is being 100 percent cybersecurity aware and investing in risk mitigation.

Robust cybersecurity isn’t down to technology alone

Cybersecurity is a lifelong journey: selecting and implementing the most secure technology is just the first step. Paradox Engineering matured a security-by-design approach to have security built into its IoT solutions from their very inception.

“In our experience, security can’t be added at the final stage of development. We think about infrastructure and application protection from the beginning to provide cities with intrinsically secure network systems,” continues Gianni Minetti.

While the security-by-design approach proved to be effective, independent surveys say 90 percent of security breaches come out of inadvertent human errors. So, people need to be constantly trained to improve their skills and keep their attention high.

Last but not least, security must be a cyclic process that starts from understanding the assets and the associated risks, applying measures to reduce the risks, preventing the known threats and being ready to detect and respond to unknown threats. Vulnerability can seep in at any stage and cities must be prepared to manage it through checked processes.

Paradox Engineering is completing the assessment for readiness of its new Security Operation Centre (SOC), serving customers to effectively monitor, support and respond to cyber threats and incidents. The SOC will provide a dedicated team with proven expertise and innovative tools to monitor the status of operating customer infrastructure, send immediate alerts in case of abnormalities or suspicious behaviours, and detect and quickly highlight possible vulnerabilities. It will also act as an incident response centre by collaborating with other SOCs or Computer Emergency Response Teams.

“The SOC will be highly beneficial for cities and utilities. As we said, cybersecurity is not merely a matter of installing the best possible technology – it requires constant monitoring, learning and a close collaboration, especially as threats become more frequent and serious”, says Minetti.

About Paradox Engineering

Paradox Engineering is a technology company that designs and markets Internet of Things solutions for open cities and other smart environments. Established in 2005 and headquartered in Switzerland, the company is the IoT Excellence Centre of MinebeaMitsumi Group, leading global provider of Electro Mechanics Solutions™, and controls Tinynode, which specialises in smart parking technologies.

For further information, please visit www.pdxeng.ch