Published on November 11th, 2022 📆 | 5420 Views ⚑
0Cybersecurity is a key topic for Europe’s Digital Decade
11 November 2022
According to Surfshark, data breaches have risen globally by as much as 70% from July through September. Europe alone recorded 52 million individual breaches during this period. However, secure, performant, and sustainable digital infrastructures are at the basis of Europe’s Digital Decade. In other words, cybersecurity is a hot topic and cities all over the continent are concerned.
Cities increasingly leverage the potential of digital tools and technology to organise processes and deliver services to locals. They play a connecting role in complex ecosystems, offering services across domains in public and private partnerships.
Jose Ángel Álvarez, Head of the Cybersecurity Centre of the City of Madrid, said during the Eurocities Digital Forum, which took place in Madrid on 4 October, that “when you think in terms of a city, the challenges to guarantee cybersecurity are many.” In Madrid, 3.5 million people live in the city, and 5 million commute daily. It’s an amazing challenge to keep all of them safe.
“Cybersecurity failure is considered a growing global risk. The city is a complex and dynamic environment, with a lot of actors, infrastructures, private companies, public entities, and local, regional and national entities, all providing services in the same physical and digital space,” explained Álvarez, adding that “major cities in the world are deploying millions, even billions, for smart and intelligent devices – smart grid, smart lights, smart sings, etc. And we must guarantee the security of such devices.”
What does a city need in terms of cybersecurity?
Quite a lot. Álvarez explained that, in the first place, “strong leadership and commitment from the top hierarchy and management of the local government. It’s not just about support. They have to understand the importance of cybersecurity and the risk posed to the city by hackers, for example.”
Also, cities need a “plan, such as Madrid’s cybersecurity strategy, which includes goals, strategic objectives, allocation of resources, etc.” Between 2019 and 2022, Madrid has seen an increase of 150% in the workforce with knowledge of cybersecurity. Cities should tap into these talents and hire the most skilled personnel. Álvarez also highlighted the need for coordination both with entities providing city services and with the national cyber authorities, and collaboration between peers, such as Spanish and European cities, to exchange ideas, procedures, best practices, etc. “And finally, we need an integrated approach to identify, protect, detect, respond and recover,” he added.
In the end, a city needs a ‘real security’ focus, which anticipates basic, medium and difficult attack paths and develops solutions for them; discovers weaknesses and vulnerabilities before attackers do; does 24×7 detection and response; and works towards resilience.
Armed for the fight
The Eurocities Community of Practice on Cybersecurity is one of the tools cities have to deal with cybersecurity issues and challenges. Its main goal, explained Joab de Lang, Cybersecurity Strategist, at the Municipality of Rotterdam, “is to collaborate by sharing experiences, such as, how to cope with attacks or what are the challenges to implementing a cybersecurity strategy, or how to keep people and companies safe. The community also wants to contribute to European policies on cybersecurity.”
De Lang started the Community of Practice on Cybersecurity along with Danijel Antonic, from the City of Rijeka, and they both contributed to the discussions at the Eurocities Digital Forum in Madrid.
Safe means included
Mentioning the threats, de Lang noted that “based on data from 2021, 2.5 million (17%) of the population of the Netherlands were victims of online crime. And 1 in 5 Dutch entrepreneurs got attacked that same year.”
“A large portion of our population has been victimised by cyber attackers. Yet online safety is a fundamental value and a prerequisite to digital inclusion today. If people don’t feel safe, they won’t participate in the digital world, and the digital divide will grow,” he said.
Therefore, it’s important not only to invest in cybersecurity but also in digital inclusion. “If people don’t feel safe in the digital world, they will not participate, so it’s a prerequisite to have digital inclusion,” said de Lang.
He also reminded us that today we can speak of ‘crime as a service,’ that is, “criminal groups are specialised on parts of the hacking process, and if we want a fighting chance, we need to work together. Only when we organise better than them, we can protect cities and locals.”
With some optimism, he hopes that investments are focused on detection and not on prevention. “You know you will get hacked, and of course, you need a basic level of security, but you shouldn’t put all your money on prevention because you can’t always prevent an attack,” he explains. “It’s a good idea to invest more money in detection, so it won’t impact the usability of applications once it reaches the public.”
Cyber crimes have a devastating effect and impact on the physical world as the digital and physical are intertwined and, said de Lang, “with cities offering more and more online services, the importance of cybersecurity grows. Every country in the EU has a National Cyber Security Strategy, but cities need a cross-sector approach to cybersecurity, as threats don’t stay in silos. Attackers hack one institution or area to get to another. Therefore, there’s a need to engage actors across sectors.”
Gloss