|
 
 |
| ORIGINAL ARTICLE |
|
| Year : 2016 | Volume
: 1
| Issue : 1 | Page : 27-32 |
|
Cyber insecurity as a manifestation of new form of global urban vulnerability
Aliyu Salisu Barau
Department of Urban and Regional Planning, Faculty of Earth and Environmental Sciences, Bayero University, Kano, Nigeria
| Date of Submission | 22-Mar-2016 |
| Date of Acceptance | 26-Apr-2016 |
| Date of Web Publication | 7-Oct-2016 |
Correspondence Address:
Dr. Aliyu Salisu Barau
Bayero University, Kano
Nigeria
 Source of Support: None, Conflict of Interest: None  | Check |
Introduction: As unprecedented urbanization continues to unfold; cities increasingly depend on the expanding internet of things (IoT). Cyber-attacks and insecurity are the emerging challenges that remain least investigated.
Methods: To address this challenge, an online survey was conducted to gain insights from experts resident in 32 cities from Europe, North and South America, Africa, Asia, and Australia. The issues covered in the survey include types of devices for accessing the internet, time spent accessing the internet, extent of city dependency on IoT, feeling about cyber-attack threats, services most vulnerable to cyber-attacks.
Results: The study concludes that vulnerability of urban population to cyber-attacks is inevitable at present. As more people and cities are connected to digital devices the more, they comprise their privacy and security. Unlike conventional urban vulnerability, the knowledge of managing cyber vulnerability is limited to a few individuals and corporations.
Conclusion: To promote the culture of cyber-attack resilience, people need to understand the basic ideas behind malware (viruses, worms, and trojans) and cryptography. Keywords: Internet of things, population, transformation, urban, vulnerability
How to cite this article:
Barau AS. Cyber insecurity as a manifestation of new form of global urban vulnerability. Imam J Appl Sci 2016;1:27-32 |
| Introduction | |  |
Cyber-attack encompasses “unauthorized trespassing, theft, denial of services attacks, and malfunctioning in any system dependent on the network, including a nation's critical infrastructures.”[1] Compared to the 2000 statistics on the number of world internet users which stood at 360,985,492, the most recent figures released by the Internet World Statistics showed that in 2014, the global internet access has reached 7,181,858,619.[2] Invariably, this shows how the global population is increasingly depending on the Internet for running daily life. Hence, it is may not be wrong to assume that most of the internet users live in urban areas where more than half of the world population already lives. By implication, the life of urban dwellers and the critical urban infrastructural system are being transformed and affected by the current global digital revolution. Thus, cyber-infrastructure plays a critical role in addressing the present and future complex urbanization process.[3] Therefore, it is very important to understand how the rapidly growing cyberspace affects urban systems and particularly the urban population.
Traditionally urban vulnerability discourses center around people and cities exposure to various forms of human and natural disasters. These issues are being addressed at global level among others through initiatives such as hyogo framework of action and the Integrated Research on Disaster Risk Programme.[4] In spite of the increasing dependency of cities on the internet, the effects of cyber-attack on cities are yet to receive the desired attention. In other words, urban vulnerability, resilience, and sustainability research communities are yet to recognize cyber-attacks as potential sources of new forms of urban vulnerability. In contrast, sociologists and computer experts have recognize cyber-attack risk and link them to the concepts of vulnerability and terms such as cyber resilience.[5],[6]
As the world continues to urbanize rapidly and cities increasingly depend on the so-called internet of things (IoT), the effects of cyber insecurity remain least investigated at least by urban researchers. In view of urban complexities and increasing dependency of urban population on the IoT, it is hardly possible for any given type of city to be immune to the direct effects of cyber insecurity. Policymakers and scientists cannot afford to ignore the implications of cyber-attacks on urban IoT. This study explores experts' views from across 32 cities from different global regions to ascertain learned people's perception of threats cyber insecurity on cities. The study can help in developing strategies to respond to the effects of cyber insecurity and its direct and indirect relation with urban vulnerability and resilience.
Conceptualizing city's vulnerability to the internet of things
This section establishes link between the rapidly expanding global digitization, massive internet dependency, threats of cyber-attacks, and how these processes can affect cities. The thing in IoT refers to “easily readable, recognizable, locatable, addressable and/or controllable via Internet.”[7] It is estimated that by 2025 there would be 1000 devices per person, which would make the number of connected things to exceed 7 trillion and most of them would be for running infrastructure.[7] This represents a huge social and technological transformation that has enormous and direct effect on global socioeconomic systems including cities. There is hardly any city or urban area regardless of its geographic location or economic position that is not immersed in the cyberspace of necessity. Cities will continue to depend on the IoT in driving their services. Hence, it is important to understand how urban people perceive the threats of IoT and the extent to which they are exposed to the IoT by virtue of their increasing usage of computerized devices to access, share or deliver multiple forms of information, and services [Figure 1]. | Figure 1: People and internet of things usage and dependency (adapted from Borgia, 2014)
Click here to view |
IoT is about one of the most of the critical innovations that bring about radical transformation of cities. Thus, regardless of whether a given city is smart or traditional in its planning design and functions, there could still be small or big elements of IoT driving it. In other words, this innovation affects cities and their population in a number of ways. For instance, population of poorer and technologically less advanced urban areas rely on mobile phone to connect to social media and to access and other numerous information services. At present, urban population in many countries depend on the internet-based facilities to access critical infrastructure that relates to economy, business, governance, transportation, public safety and security, energy, water and sanitation.[6] However, there are some risks associated with this form of information revolution. Cyber insecurity is one of the most common risks of IoT-based global transformation but explanations of how it affects urban system remain least investigated from urban vulnerability's point of view [Figure 2]. | Figure 2: Conceptual framework of urban vulnerability to internet of things
Click here to view |
A number of cyber security organizations reveal that 75% of businesses and individuals have experienced cyber security breach in different forms such as information theft, decline in productivity, or loss of customer trust.[1] The latest figures by McAfee and the Center for Strategic and International Studies put the estimate of the costs of cyber-attacks to range $300 billion to $1 trillion.[8] These include direct financial loss from cybercrime, loss of intellectual property, classical information, costs of service disruptions, reduced trust online, additional cost of securing networks, and expenditures for recovery.
The main sources of cyber-attacks are from national/multinational espionage cyber wars, corporate espionage, disgruntled persons such as employees, activists, terrorists, and other criminal syndicates.[1] Cyber-attacks come in three forms: (a) Capture attacks, (b) disrupt degrade, deny destroy, and (c) manipulate.[9] In capture attacks, the attacker tries to gain control of the system logic and target to capture essential information. In the second type, the main aim is to shut down a system. For the third type, attackers usually manipulate information flow through physical damages or try to take advantage of the system through various forms of interventions on the system operation.
Apart from the risks of information theft, denial of service and manipulation, public privacy is also at risk of electronic eavesdropping which can be perpetrated remotely.[9] In what shows the enormity of cyber-attacks, McAfee recently disclosed that it detects 200 new cyber-attacks per minute.[10] Just like natural disasters can come abruptly to bring down cities, cyber-attacks can do the same in the event critical infrastructure depending on the IoT is attacked successfully. For instance, denial of transport, energy, security and safety, banking and finance can make life very uncomfortable for residents of cities. Such damages could be costly as they can trigger social, political, and economic shocks. In what demonstrates what cyber-attacks can do to cities, some researchers suggest that cyber terrorism could undermine safety, security and search, and rescue operations that have recently depended heavily on the information and communication technologies.[11] Another way to view or link cities to the risk of cyber-attacks is by looking at how phishing or spam E-mails add to energy consumption. According to the Guardian newspaper, spam mails consume 33bn kWh of electricity which is equivalent to about 20 million tons of CO2 emission per year.[12] The picture of the sprawling risks of electronic trespassing is huge to the extent that some 14.6 trillion spam mails that account for 91% of all E-mail traffic were detected in 2010 alone.[13]
Considering the increasing number of internet access and dependency of urban systems on the IoT, it is imperative to establish linkages between the urban population, urban systems, and types of risk and vulnerability to cyber-attacks. Here, an attempt is made to represent the concept of urban vulnerability to the growing threats of IoT [Figure 2].
This conceptual framework illustrates the connections and relationship between urban areas, IoT, and public vulnerability in light of the need for identifying critical resilience pathways to mitigate the effects of the threats on the unsuspecting member of the public. In other words, cyber security needs to be absorbed into the integral part of urban sustainability and resilience to disasters.
| Materials and Methods | | |
This study drew its data via an online survey administered through an online research vendor, namely, Survey Monkey (www.surveymonkey.com). Principally, the close-ended questions asked in the survey constituted the main study variables. Thus, the questions included the city of residence, types of devices used for accessing the internet, time spent accessing the internet, extent of city dependency on IoT, feelings about cyber-attack threats, services most vulnerable to cyber-attacks and gender dimensions of cyber-attacks. Some 32 experts drawn from 32 cities in Africa, Asia, Australia, Europe, North America, and South America participated in the survey. Out of the total number, 16 of the participants were the 2014 International Social Science Council (ISSC) appointed World Social Science (WSS) Fellows (Sustainable Urbanization II) who participated in sustainable urbanization seminar in the city of Taipei in Taiwan. The author met these urban experts personally and sought for their consent to participate. After accepting to participate the survey, link was sent to their individual E-mail or Facebook accounts. The 16 WSS fellows were selected because in the opinion of ISSC they were “outstanding and talented young scholars.” They include mostly PhDs, associate/assistant professors, and lecturers with relevant experience and publications in the field of sustainable urbanization. All the 16 WSS fellows completed the survey. The other 16 experts included ten academics six public and private sector experts on urban development, medical sector, civil engineering, policy, security, banking and finance who were on the authors Facebook friends list. The link to questionnaire was sent to each of them through Facebook. It is important to mention that the actual number of experts targeted was 40. Hence, the response from the 32 was encouraging. In analyzing results of the survey, the author used, iNZight for Data Analysis. University of Auckland. Available from: https://www.stat.auckland.ac.nz/~wild/iNZight/index.php. [Last accessed on 2015 Feb 12]. statistical package in comparing results computed by the Survey Monkey. The statistical package helped in giving inferences and comparison between variables.
On the other hand, it is important to stress that the selection of experts was largely determined by the type of city of their origin or residence. Hence, the selection of the experts also represented the diversity of cities in terms of their location (continent, region), spatial, and demographic sizes as well as functions (economic, administrative, and cultural). The main purpose of the survey was to measure cyber-attack vulnerability perceptions from the 32 cities that have remarkable social, cultural, economic, and historical differences. In a few cases, due to the researcher's limited outreach to experts in many countries, some countries were represented by more than one city as shown in [Table 1] where the UK was represented by 4 while the US, the UAE, China, Nigeria', Malaysia, and Australia were represented by experts from two cities. However, even in this situation, the cities are different in tiers of their demographic, spatial, cultural, and economic functions.
| Results and Discussion | | |
Cities vulnerability to the internet of things
The experts shared their experiences based on examples from small, medium, and large cities including those rated as megacities in Africa, Asia, and Latin America [Table 1]. It is obvious from the experts' opinions that infrastructure development, urban planning, and technological development and their integration with IoT varied between the selected cities. However, in what showed the overarching role of IoT in cities and towns, 90% of the respondents said their daily life including some essential services depended on the internet. This situation reaffirms the observation made by Townsend (2013) that smart cities are being crafted out of apps from every purpose we can imagine and in every imaginable configuration and scale.[14] The author maintains that the transformation of cities by the IoT though is just starting, but its effects on cities are astounding. In other words, one may argue that considering the rising role of the digital revolution, all cities can be described as smart though their smartness varies with their extent of applications of technologies that integrate IoT into infrastructural services and also the extent to which the population uses the internet. Invariably, IoT has made all cities vulnerable since “a motley assortment of activists, entrepreneurs, and civic hackers are tinkering their ways towards a different kind of utopia.”[14] By this situation, cities and their populations are exposed to the risks of activities these digital agents.
Types of devices for accessing city internet of things
Another good way to understand the extent to which people are vulnerable to cyber-attack is by trying to understand how they are embedded in the internet through types of devices that they use. The majority of the respondents used more than one device to access the internet. For instance, 29 respondents indicated that they used laptop making it the most common device among the experts. At the same time, 27 respondents combined laptops with smartphones. Desktop was following in the third position while tablet came last. Interestingly, this pattern was common to all the regions surveyed. The combination of different platforms pointed to the intensity of internet usage among individuals. For instance, since desktop computers are stationed in places of work; on the other hand, laptops are movable to various locations and tablets and smartphones are mobile and can be used more easily everywhere connection to the internet is available. The more devices people use, the more embedded they are into the IoT and the more susceptible they are to all forms of cyber-attacks. At the moment, cyber-attacks such as phishing and identity thefts worry people and yet as opinions from this study suggested some people mostly from technologically advanced and rich cities felt that they were relatively secured perhaps due to security system that they use and trust. However, this level of trust can be punctured seriously. For instance, the 2006 cyber-attack in Chicago shows that a single bug can cause a system wide shut down that cause large-scale service disruption that generates trickle effects on several social and economic system.[15]
Time spent accessing the internet and threat of cyber-attacks
Based on the responses received, more than 50% of the respondents spent up to 10 h using the internet while 16% spent more than 10 h. In general, the experts from developed and high-income economies spent more time on the internet. The findings also revealed that people living in megacities also spent longer time accessing IoT [Figure 3]. Although time spent using the internet does not in itself determine the extent of vulnerability of attack, it implies the extent to which a person can be affected when there is attack on internet sources such as WiFi spots which among the key targets for cyber-attacks in cities and urban areas. In effect, attack on WiFi spots can disable some workers and many people in cities from connecting to internet services for a number of daily urban activities and services including those than can be conserved as private or personal.
According to the study findings, 70% of the respondents perceived their vulnerability to cyber-attack as low level while only 30% of the respondents thought cyber-attack risk as high level. The picture of relations between the levels of cyber-attack perceptions, time spent on IoT as illustrated in [Figure 3]. It was obvious that those who perceived the threat of cyber-attack as low corresponded with those who used it more often and these were mainly respondents from technologically advanced cities.
It has been observed that global internet access is rising rapidly,[2] but this must be seen in light of time that people spend on the internet. People increasingly depend on the digital infrastructure and services which means the future of cities and their population is being transferred to the hands of few people and organizations with exclusive knowledge system on IoT. This situation is a big threat considering uncertainties and human factor where disgruntled individuals and groups may decide at any time to manipulate, disrupt, or deny services.[1],[14],[15] In such a scenario, the functions of city IoT may cause catastrophic consequences on urban population and services.
Gender and exposure to cyber-attack based on time factor
Time spent on using the internet may determine the frequency of exposure to attacks including phishing and frauds by individuals. Looking at the gender dimensions of vulnerability to cyber-attacks, the findings of the survey showed that there was no significant difference between males and females in terms of time spent using IoT, although men slightly spent more time (exceeding 10 h/day) compared to women who dominated those people who spent 5 h. However, compared to women, men also dominated those using IoT for 2 h in a day [Figure 4]. Here, it is important to stress that there could differences in terms of activities, sites visited, and dependency between males and females. Thus, effects of cyber-attack may also vary between the two gender groups.
Urban services most vulnerable to cyber-attack
The experts' perceptions reflected what they thought were the services most vulnerable to cyber-attacks in their cities. The findings illustrated in [Figure 5] are very interesting in the sense of opinion on cyber vulnerability in cities.
It was reported previously that 70% of the respondents indicated that they were not highly threatened by cyber-attacks [Figure 3]. However, in responding to the question on services most vulnerable to cyber-attack, 90% of the experts suggested that their cities depended on IoT and identified some of the most vulnerable services. In this regard, 80% of the respondents indicated that banking and finance as the most vulnerable sector. On the other hand, the least was intelligent transport system. In other words, at the moment, financial businesses have predominantly captured cities in both developed and developing economies and small and big cities. In light of the increasing IoT inroads, it is very possible that in the coming years more and more cities in the developing countries will continue to embrace IoT in several other sectors of urban life.
| Conclusion and Recommendations | | |
Understanding city vulnerability to IoT is one area that is yet to receive sufficient attention from policymakers and urban resilience and sustainability research community. Cities by their very nature are resilient and hardly collapse no matter the weight of challenges confronting them.[16] This paper argues that cities in most parts of the world experience one form of natural and human disaster and over the time they have successfully developed one of the forms of resilient strategy or the other to cope with the situation. The coming of IoT has revolutionized the local and wider social, economic, and spatial networks within cities and between cities. This has no doubt improved life in cities significantly and dramatically. However, in contrast to conventional urban vulnerability discourse where policymakers and communities have some practical knowledge and experiences of handling the situation, in contrast, the knowledge of risks of cyber-attacks and its management is confined to a handful of people mainly computer experts. Therefore, future cities and their population will be at the mercy of individuals and corporation with the technological knowledge to make or mar cyber threats. Now, IoT are becoming necessity or all cities. It is obvious that as more people get connected to digital devices the more, they comprise their privacy. The more a city intensifies its IoT, the more it compromises its security. To promote the culture of cyber-attack resilience, this paper strongly recommends that people living in cities need to understand basic jargons about cyber security. For instance, basic knowledge types of malware (viruses, worms, and trojans), encrypting and basics knowledge on internet security, and cryptography are essential.
Acknowledgment
The author wishes to thank all the respondents who took part in the data collection for this study. Special thanks also goes to the ISSC Paris for creating the opportunity for the author to meet half of the respondents.
Financial support and sponsorship
Nil.
Conflicts of interest
There are no conflicts of interest.
| References | | |
| 1. | Wheeler DL. Understanding cyber threats. In: Andreasson K, editor. Cybersecurity – Public Sector Threats and Responses. London: CRC Press/Taylor and Francis; 2011.  |
| 2. | |
| 3. | Li W, Li L, Goodchild MF, Anselin L. A geospatial cyberinfrastructure for urban economic analysis and spatial decision-making. ISPRS Int J Geoinf 2013;2:413-31. |
| 4. | McBean GA. Integrating disaster risk reduction towards sustainable development. Curr Opin Environ Sustain 2012;4:122-7. |
| 5. | Deibert RJ, Rohozinski R. Risking security: Policies and paradoxes of cyberspace security. Int Polit Sociol 2010;4:15-32. |
| 6. | Symantec Corporation. Transformational “Smart Cities:” Cyber Security and Resilience. Mountain View, California: Symantec Corporation; 2013. |
| 7. | Borgia E. The internet of things vision: Key features, applications and open issues. Comput Comm 2014;54:1-31. |
| 8. | MacAfee and Center for Strategic and International Studies. The economic impact of cybercrime and cyber espionage. Santa Clara: MacAfee; 2013. |
| 9. | Covington MJ, Carscadden R. threat implications of the internet of things. In: Podins K, Stinissen J, Maybaum M, editors. Proceedings of the 5 th International Conference on Cyber Conflict. Tallinn: NATO CCD COE Publications; 2013. |
| 10. | Yorozu Y, Hirano M, Oka K, Tagawa Y, Electron spectroscopy studies on magneto-optical media and plastic substrate interface. IEEE Transl J Magn Jpn 1987;2:740-1. |
| 11. | Cole LA, Connel ND. Local Planning for Terror and Disaster: From Bioterrorism to Earthquakes. Hoboken, New Jersey: Wiley-BlackWell; 2012. |
| 12. | |
| 13. | Jordan JM. Information, Technology, and Innovation: Resources for Growth in a Connected World. New Jersey: John Wiley and Sons; 2012. |
| 14. | Townsend AM. Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia. New York: W.W. Morton and Company; 2013. |
| 15. | |
| 16. | |
[Figure 1], [Figure 2], [Figure 3], [Figure 4], [Figure 5]
[Table 1]
|
Search Pubmed for