EUROCITIES on becoming cybersecure

  • knowledge society

October is European Cyber Security Month (ECSM), and we are using this as an opportunity to highlight why cybersecurity is an increasingly important issue for cities.

City infrastructure such as smart grids and traffic control sensors are among key targets for cyberattacks. The manipulation of systems such as traffic lights or electronic road signs can have serious implications and lead to public safety issues. Increasing dependence of different sectors on ICT solutions, as well as the interdependence between current and future infrastructures makes cities more and more vulnerable to cyberattacks. Cybersecurity incidents have the potential to disrupt the supply of essential services such as water, healthcare, electricity or mobile services. Failure of these systems could have a considerable impact on the functioning of critical public services resulting in economic turmoil and social consequences for citizens and businesses.

Cities are also dealing with large amounts of data on a daily basis, which they must govern with transparency, responsibility and connectivity across multiple channels in order to stay functional. As part of their digital strategies, many city authorities are engaged in awareness-raising activities on cybersecurity as well as providing education and training programmes for the next generation of cybersecurity professionals. When it comes to handling data, a new EU General Data Protection Regulation (GDPR) will oblige local public authorities to implement new measures by May 2018, which should ensure more stringent standards of transparency, liability and security.

So what are cities doing to face up to the challenge?

Estonian cities such as EUROCITIES member Tallinn use an information security standard developed for the Estonian public sector and based on German information security standards. ISKE5 aims to ensure a sufficient level of security for all data processed through IT systems by implementing standard organisational, infrastructural and technical security measures.

City authorities are increasingly developing strategies alongside programmes to prevent and mitigate cyber threats. These strategies are often carried out in coordination with regional and national authorities and involve local private actors.

Mandatory internal guidelines for information security have been in place in Stockholm since 2010. These provide system owners in the city with an information classification model, which enables city officers to easily identify which level of security is required when establishing a new information system.

As cities become more reliant on ICT solutions and incidents of cybercrime inevitably increase in volume and sophistication, it is important that cybersecurity is treated as a priority at all levels to keep European cities and their citizens safe and secure.

For information on October’s Cybersecurity month, please refer to the ECSM website:

EUROCITIES staff contact

Federica Bordelot