Not a day goes by, it seems, that we do not hear news of a major cyber attack on people, organisations or governments.

Cyberspace is now not only the primary battlefield against criminal activity such as data theft or financial fraud, it is also the security frontline between competing nation states.

And as the Internet of Things and smart city technology connects machines and systems, infrastructure is emerging as a new front in the cyber war.

And the Middle East is under greater threat than any other region.

“Because the Middle East has so much financial strength, it will be attacked,” says Carey Smith, president of the federal business unit of US engineering giant Parsons.

“Everybody is at it,” says Smith. “In the US, the attacks are coming from China and Russia. In the Middle East, it is Iran. It is coming out all of the time, in different ways – different types of attack.”

Opportunity markets

As head of Parsons’ federal business unit, Smith deals with US federal government agency customers in the defence, environmental, infrastructure, security and intelligence services markets.

Her brief extends to cover the Middle East, which she describes as a major area of opportunity for the company.

“The Middle East in the next five years will be the biggest growth market for cyber investment,” says Smith.

“The US is currently the biggest market,” she says.“Saudi is the biggest growth market in region, then the UAE.”

“In sectoral terms, first it is oil and gas, then banking, then transportation,” she says. “These are followed by facilities – government and commercial.”

Critical infrastructure

Smith says that by 2020, more than 50 billion devices will be connected by the Internet of Things and protecting critical assets and infrastructure from hackers is a major priority.

“We are seeing the convergence of operational technology and information technology,” says Smith. “The biggest fear is of critical infrastructure in a key sector being attacked.

“The US has defined 17 vulnerable sectors, including utilities, banking, water and transport,” she adds.“Those are also top for the Middle East region, along with oil and gas, of course.”

With more than seven decades of experience in designing infrastructure, it is inevitable that designing cyber security into the asset is now a major aspect of Parsons’ work.

Smith says that it is essential that infrastructure owners think about cybersecurity from the very inception of a project.

“Part of the problem is it has to be looked at as part of a total comprehensive solution,” she says. “Owners have to think, ‘How do I protect my most critical assets?’

“There is an issue with the business model,” she says. “We continue to structure everything in a contracting model. Going to design-and-build contracts and even public-private partnerships – that is the next step.”

The supply chain is a huge vulnerability for owners,” she says. “Owners of complex projects would never be able to go through every supplier and prevent every threat.”