Cyber Defense for Infrastructure Partners
By Thomas Jenny, Senior Underwriter
Personal privacy infringement is bad enough. If the cyber walls of all-seeing operation centers are breached, it could cause disaster on an unprecedented scale.
Along with the risk, the potential consequences of malicious hacking are growing. Several nations are suspected of sponsoring hacking agencies, and Iran has even bragged publicly about hacking down an American drone. The threat of a political agent taking remote control of an operations center and the entire city infrastructure is very real.
Roads, bridges, tunnels, transport, power plants, water and waste facilities: Having the very physical foundation of our cities wired to an operations center exposes us to grave peril. Iran boasted about bringing down a single drone. Terrorists reveled in the 9/11 attack, which inflicted the largest terror death toll in history outside a war. Reducing an entire city to rubble must be at the top of the terrorist agenda, and nothing could accomplish this goal like hacking mission control.
A close second on the terror agenda, and the top target for financially motivated hackers, would be control of a bank. Nobody wants to prevent such a calamity more than the institutions themselves, however. So, although cyber attacks on banks around the world are chronic, the banks are vigilant in continuously updating security protocol. The risk is still there, of course. Cyber insurance is increasingly vital to protecting banks against losses that could shut them down, and bring all of their clients down with them.
The EU voted in March of this year on a directive which will compel government and all “critical infrastructure” providers—including energy, transport, banking, finance, and health—to set breach alerts and institute minimum cyber defense standards. The directive highlights the mounting number of channels subject to unauthorized access: search engines, social media platforms, payment gateways, cloud computing, software, and hardware. The EU plans to finalize the law by the end of 2014. When it is enacted, regulators will monitor all infrastructure providers for cyber defense vigilance, and sanction those found to be negligent.
When Cyber Defense Fails: Insurance
Insurance can mitigate the financial loss of a smart-city breach. Cyber insurance has existed for many years, but the recent media spotlight on system breaches has brought cyber exposure under closer scrutiny by business and government. Heavy losses can strike fast, and smart operation centers carry exponentially magnified cyber risk. Cyber coverage will have to grow substantially to protect companies brave enough to take on the responsibility of providing smart-city services.
Some of the cyber risks which insurance already covers are: technology services, professional liability, data protection, regulatory fines and defense, business interruption, technology-product liability, privacy notification and liability, network-security liability, media-communications liability, and cyber extortion.
However, our increasingly digitized world often makes it difficult to determine whether something truly qualifies as “cyber” exposure. Depending on the perspective, risk perceived as cyber exposure could actually fall under traditional coverage, like professional indemnity. The very image of the “web” shows how cyber risk silently overruns traditional risk and insurance silos. Every kind of damage, disruption, and loss is affected.
Insurers need to create integrated products across service divisions, to protect against hacking, viruses, crashes, and physical and non-physical business interruption. To do this, risk engineers and insurers will have to work with cutting-edge IT experts, to be able to analyze smart-city risk in depth: from the complex layers of risk already existing in public-private partnerships, to the physical infrastructure and the devices connecting it to the operations center, to the intricacies of the cyberscape, with its plethora of coding variations.
In this way, risk engineers and insurers can help businesses and governments to understand the impact that a failure of smart-city technology could have on security, privacy, and physical safety. As these technologies are placed at the foundation of our cities, it is no longer sufficient for IT departments to take sole responsibility for these risks. It is crucial that the entire organization knows what is at stake.
Overall, how do we weigh the risks and rewards of smart cities?
Click on the following link to read next topic:
Smart Cities: Mission Control
Page 1: How Smart is the Data ?
Page 2: The Watchful Eye
Page 3; A new Era of Security for Seniors and Other Vulnerable Groups
Page 4: Cyber Defense for Infrastructure Partners
Page 5: Smart City Risks and Rewards