Abierto al públicoBeyond BordersCaribbean Development TrendsCiudades SosteniblesEnergía para el FuturoEnfoque EducaciónFactor TrabajoGente SaludableGestión fiscalGobernarteIdeas MatterIdeas que CuentanIdeaçãoImpactoIndustrias CreativasLa Maleta AbiertaMoviliblogMás Allá de las FronterasNegocios SosteniblesPrimeros PasosPuntos sobre la iSeguridad CiudadanaSostenibilidadVolvamos a la fuente¿Y si hablamos de igualdad?Home
Citizen Security and Justice Creative Industries Development Effectiveness Early Childhood Development Education Energy Envirnment. Climate Change and Safeguards Fiscal policy and management Gender and Diversity Health Labor and pensions Open Knowledge Public management Science, Technology and Innovation  Trade and Regional Integration Urban Development and Housing Water and Sanitation

Ciudades Sostenibles

How to avoid being a victim of cyber-attacks?: New IDB guide for smart cities

por - - - - - Leave a Comment

Este artículo está también disponible en / This post is also available in: Spanish


Many aspects of our daily life, although we are not aware of it, are fully dependent on the proper functioning of the internet. A cyber-attack on a company, or a local public entity, a few years ago would have been almost anecdotal. However, as digitization increases, so does risk exposure and vulnerability to cyber-attacks.

On today’s blog we present a guide prepared by the IDB to help cities in Latin America and the Caribbean (LAC) be prepared for malicious attacks that put the security and development of your municipality. The IDB, as is evident in its “Vision 2025: Reinvest in the Americas“, is committed to innovation and the digitalization of our region as a key element for a sustainable and lasting recovery. For this reason, the security of digital platforms in our cities is a key element in achieving this goal.

Cyber ​​attackers take advantage of any unprotected access

We are increasingly dependent on the proper functioning of information platforms and technologies. Basic public services such as security, water supply, energy, or mobility are also. For this reason, the greater the digitization of our public services, the greater the risk that they will be victims of cyberattacks, which are more sophisticated.

Source: Markus Spiske Iar

Cyber ​​attackers are there, taking advantage of any unprotected access. Unfortunately, we are often overwhelmed by news of infrastructure hijackings: subway networks (New York, Sacramento), pipelines (USA), hospitals (London), emergency systems (Dallas), security cameras (Washington, District of Columbia), entire administrations sequestered and inoperative for weeks (Baltimore), parliaments (Australia) and a long etcetera. There are hundreds of thousands of daily cyber-attacks.

Why do cybercriminals attack cities?: Vulnerability

It is not easy at all to know the reasons why cybercriminals, cyberspies, cyberterrorists, cyberactivists attack us (political, criminal, economic or business or merely personal), nor to know who they are (private persons, criminal groups, companies, other countries) .

But why do they attack us? Because we are vulnerable. We are vulnerable due to software failures, infrastructures often obsolete, because we are not capable of knowing our vulnerabilities, or because we do not understand the smart city ecosystem.

We are vulnerable because it is not easy to govern and orchestrate the many public and private actors that act in the smart city. And many times, security fails because these many subjects either do not know or do not dare to share the information.

We are also vulnerable because we do not have strategies, plans, risk management or incident management. The human factor is above the technical elements.

Nor should we forget that we are vulnerable because we do not know or hire the specialized professionals that are required. And because we do not raise awareness, nor do we train managers, staff and the citizenry themselves in cybersecurity. This being the case, it is difficult to invest and explain to citizens why spending on cybersecurity is investing in the city.

The IDB Cybersecurity guide helps you prevent a cyberattack in your city

What should I do to protect my municipality from the risks of a cyber-attack?

To answer this question, the IDB has just published a guide whose objective is to provide knowledge and recommendations to help LAC cities protect themselves in cyberspace. With this publication, the IDB not only intends to raise awareness and put this concern at the forefront, but also offers guidelines for any city, large, small, or medium, to achieve maximum cybersecurity.

Download the guide for free here

.

How to prepare your municipality for possible cyber attacks

The first thing is to identify the assets to be protected and the actors involved. Likewise, it is necessary to self-assess, to know the real state of your city in terms of cybersecurity. To facilitate this self-assessment, the IDB offers you a Cybersecurity Self-Assessment Tool, completely free of charge.

From there, cybersecurity governance is needed that is integrated into smart city management and broader data management. To achieve this, it is necessary to try to know the playing field: the national policies and strategies that exist, the applicable legislation, as well as the internationally recognized cybersecurity standards and choose the most appropriate and possible for the city.

Source: Alvaro Reyes | Sammy Ayot

Once we know the playing field, we must appoint a security officer. This figure must have the support of the highest political leadership. In general, it takes a lot of effort to develop coordination and cooperation mechanisms. The strategic level must develop security policies, processes, procedures, and standards for all actors, and establish clear competencies. It must be clear who and what must do.

Municipal cybersecurity: a shared responsibility at all levels

This publication is especially aimed at the leaders of the cities of LAC, their municipal managers, and employees, as well as technical personnel in information and communication technologies.

All of them play an important role in protecting municipalities from malicious attacks. Below, we share the different roles and responsibilities for each of these three levels, without forgetting that all of them must work together with the same objective: to protect your city from cyber-attacks.

Source: Mario Gogh

MUNICIPAL LEADERS:

Leaders must put cybersecurity on the public policy agenda so they can allocate resources without waiting to be attacked. They must also reinforce actions with regulations, clear competencies and the institutionalization of leadership and bodies that have adequate resources. Leaders are key so that preventive measures are put into practice and do not remain forgotten “in the drawers”.

MUNICIPAL MANAGERS AND EMPLOYEES:

The secretaries and employees at the management level must know the systems and infrastructures that must be protected, to test the norms, policies and procedures by the organization and the private providers.

TECHNICAL STAFF:

And the technicians at the operational level must implement protection mechanisms such as identification systems, strong two-factor authentication, and access control; as well as anomaly detection mechanisms and capabilities to respond to incidents. In addition to these recommendations, the guide has grouped the entire cybersecurity technical apparatus, describing the cycle and steps to follow (management, identification, protection, detection, response, recovery, and self-assessment). The publication exposes, for a specialized audience, the technical elements of capabilities-based planning and the roadmap, as well as the main capability maturity models and cybersecurity, equipment, and technology functions.

In short, the vision, strategy and action of city leaders will determine their level of cybersecurity. We trust that the IDB guide will serve to raise awareness about this and be used as a tool to protect your municipality.

If you enjoyed this blog, sign up here to receive our monthly newsletter with all the blogs, news, and events from the IDB’s Housing and Urban Development Division. Likewise, we invite you to visit Gobernarte, the blog of the IDB Division of Innovations to Serve Citizens.

If you are interested in cybersecurity, we recommend you not to miss the following publication: Cybersecurity: Risks, Advances, and the Way Forward in Latin America and the Caribbean

*Authors listed in alphabetical order


Mauricio Bouskela

Senior Specialist in the Housing and Urban Development Division of the Inter-American Development Bank. Upon joining the IDB in 2008, Mauricio has been at the forefront of several multi-sector projects in Latin America and the Caribbean (LAC), leveraging innovative technologies for economic and social development. Mauricio has more than 30 years of successful work experience, including 13 years as Director for Latin America at Intel and 13 years at the IDB. At the IDB, he has carried out projects in more than 18 countries in the region and, since 2011, has led smart city projects, which aim to transform the LAC region into a region of smart cities. Recently, Mauricio coordinated the development of the "International Case Studies of Smart Cities" and the publication of the guide "Path to Smart Cities" (www.iadb.org/SmartCities). At Intel, Mauricio was awarded the "Intel Top Achievers Awards" and the "Intel Achievement Award" four times. At the IDB, he received the "Most Innovative Team" and "Starting Weekend" awards. Mauricio has a degree in Computer Science from the University of Campinas (Unicamp), a postgraduate degree in Marketing from Fundação Getúlio Vargas and an MBA in Finance from the Brazilian Institute of Capital Markets (IBMEC).

Gilberto Chona

Former Lead Specialist, Urban Development Economics. Inter-American Development Bank (Washington, DC). He was an expert in the formulation and supervision of action plans for urban regeneration in intermediate cities of Central America and the Caribbean. In 2015-2017 he served as Regional Coordinator for the Emerging and Sustainable Cities Program (ESC) in the Urban Development and Housing Division of the IDB. He also formulated and supervised studies and investment projects for urban regeneration, human settlements improvement, and affordable/sustainable housing in several countries. His 30 years of experience at the IDB include fiscal, institutional, and operational analysis in 14 countries in Latin America and the Caribbean. His areas of concentration were the fiscal sustainability of cities, leveraging private investment in cities, institutional governance of cities, and smart city solutions. He is an Urban Planner graduated from the Simón Bolívar University of Venezuela (1986) and has a Master in City Planning degree from the Massachusetts Institute of Technology - MIT (1991).

Lorenzo Cotino Hueso

Professor of Constitutional Law University of Valencia (Spain), Transparency Council of the Valencian Community (2015-), Magistrate of the Valencian Community TSJ (2000-2019). Doctor and graduate in Law (U. Valencia), Master of fundamental rights (ESADE), Graduate and Diploma in Advanced Studies Political Sciences (UNED). Awards: Extraordinary Doctorate, Ministry of Defense, Army, INAP and CAC. Visiting professor at Konstanz (Germany) since 2004 and at Externado, North University, Honorary Professor at the National University of Colombia, Catholic University of Cuenca, Ecuador; stays in Utrecht (The Netherlands) and Virginia (United States). Principal investigator of 15 research projects, member of another 21, author of 10 books and coordinator of 15 as well as 140 articles or scientific chapters. He has given more than 400 papers and conferences. Director of Regulation and Rights OdiseIA, Observatory of the social and ethical impact of artificial intelligence. He has chaired the Network www. Derechotics.com since 2004.

Ariel Nowersztern

Especialista Sênior de Segurança Cibernética no Banco Interamericano de Desenvolvimento, ingressou no BID em 2017. Suas responsabilidades incluem apoiar os governos da América Latina e do Caribe em aspectos ligados às suas iniciativas digitais nacionais, bem como em esforços específicos de modernização digital financiados pelo BID. Antes de entrar para o BID, Ariel também trabalhou como consultor autônomo para clientes dos setores público e privado.

Marco Emilio Sánchez Acevedo

Marco is a lawyer and has a doctorate in Information Society Technologies and Services – Public Law and Technologies line of research; He has a Master's degree in Cybersecurity and National Cyberdefense. Specialist in Administrative, Constitutional, Human Rights and Electronic Government Law. Currently, he is an external advisory attorney for public entities, so he has been able to contribute to the preparation of regulations that impact the use of information and communication technologies by the authorities. In addition, he is a consultant, teacher and author of several works on the subject of law and technology.

Editor: Daniel Peciña-Lopez

Daniel Peciña-Lopez is a specialist in international affairs, external relations and communication. He has more than 10 years of professional experience in diplomatic delegations, and international organizations in cities such as Washington DC, New York, Chicago, Madrid, Mexico City and Hong Kong, among others. Daniel is Master of International Affairs from Columbia University, Master of Science from the University of Oxford Brookes and Licenciado from Universidad Complutense de Madrid. In 2010 Daniel received the First National Award for Excellence in Academic Performance, from the Ministry of Education (Government of Spain) for being the university level student with the highest average GPA score in the country.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *