CyberSecurity in Smart Cities: A Case Study from the UAE

Researchers from Zayed University reviewed the state of cybersecurity awareness and common practices in the UAE, and have uncovered that 21% of participants in a survey have fallen victim to cybercrime in the past, and that 21% of organizations in the UAE seem to not have a consolidated cybersecurity plan for their smart services in cities.

Urbanization is a globe-encompassing process, with more than two-thirds of humanity expected to live in cities by 2050. All that mass of human beings will require certain services: from smart food delivery to authentication and payment on the go, and efficient public and private transportation. Residents will also expect that their privacy be kept safe, and that the large amounts of data being collected from their activities won’t be released to the public or to cyber-criminals.

While many cities are well into the process of becoming so-called smart cities, the municipalities often do not know how to handle data protection and enforce it on firms that provide services in the area. As a result, smart buildings, appliances and services ‘leak’ data: a smart building may reveal the type of appliances that are being used inside, while an app used to communicate with buses may uncover the user’s whereabouts.

Criminals understand many of the vulnerabilities of smart cities and have no qualms with taking advantage of them. However, the vast majority of cyber-criminals do not invent new hacking techniques, but instead use highly-effective techniques that have been proven before. All they need is an opening in the cyber-security wall that every firm should erect between its data and the World Wide Web.

While firms dedicated to making cities smarter often deal with state-of-the-art technologies like artificial intelligence, blockchain and sensors, they are just as often lacking in protecting their systems from outside intrusion.

There is much interest in the United Arab Emirates in making cities smarter. The nation is implementing a set of apps called m-government, to help citizens obtain easy access to the government services. Similarly, the national ID smart card can serve for identification purpose when dealing with health services, as a payment method, debit card, and can even be used for checking-in at airports.

One question, though, still remains open: how well-defended are all of these smart services?

To answer that question, Abdallah Tubaishat and Mariam Al Jouhi from the UAE Zayed University, have analyzed the UAE as a case study. They explored the safeguards that protect data, the policies that oversee cyber-security, the monitoring level over the cyber-arena, and finally – ways in which users can defend themselves from data leaks, by receiving proper training.

Dr. Abdallah Tubaishat, Zayed University

The researchers created a survey which was sent to 200 experts in cybersecurity in the UAE, with a response rate of 74%. The experts were asked several questions designed to assess their knowledge about and expertise in in cybersecurity.

Surprisingly, when the experts were asked about their own experience with cybercrime, 21% reported they were victims of cybercrime in the past, with 8% reporting that they were attacked more than three times. A follow-up question was whether the cyberlaws that are being introduced today can control cyber criminals and reduce cyber-crime. Of all experts, 79% agreed that the cyberlaws can be effective, with 18% choosing “neutral”, and 3% more disagreeing with that statement.

Finally, the participants were asked whether their organization is planning a smart city initiative, or currently contributing to one. Only 33% replied with a firm “yes”, with 16% more thinking that their organizations have a plan – but haven’t launched it yet.

Generally speaking, it seems that 79% of the UAE government agencies and firms in the private sector are implementing security strategies for their smart services to protect their data.

While these results are generally encouraging, it is clear that further effort needs to be put into cybersecurity, both at the policy and the boots-on-the-ground level. The fact that only 79% of entities in the cyberspace are implementing security strategies is highly alarming, since that means that 21% are not quite there yet – which could have catastrophic consequences for the entire system, and demolish residents trust in their smart cities.

As we go into the world that science fiction has long envisioned for us, with smart cities and smart services surrounding us all, we must remember that “when everything is connected, everything is vulnerable”. Cybersecurity must remain one of the top concerns of every organization and government agency, if we wish to maintain people’s trust in the bright and wonderful world that the future has to offer to us.

Original content by Nawartna

Leave a Reply

%d bloggers like this: