Cyber Risk Mitigation for Smart Cities

Abstract

Rapid growth in global population and evolving technological, macro-economic, and environmental landscapes have fueled widespread interest in smart cities, which are, essentially, dynamic ecosystems characterized by highly advanced, intuitive, and interdependent cyber systems. As emerging digital technologies and the Internet of Things (IoT) pave the way for these smart habitats, effective risk management becomes crucial to provide risk-free smart services to citizens.

The Rise of Smart Cities

Approximately 70% of the world's population is expected to live in cities by 2050. Two key features of smart cities are citizen-centricity and digitally-enabled infrastructure. As with all IT-enabled services, smart city services too should be risk-free and secure. In connecting devices and users, cyber systems should ensure the highest level of confidentiality and integrity, while allowing unhindered availability. It is therefore important to proactively manage the security risks of interdependent systems of the smart city digital infrastructure.

Apart from smart infrastructure, a smart city has advanced systems to manage energy, transport, traffic, water, healthcare, and education. It is a seamless union of technology, government, and society to enable smart living, which is characterized by a booming economy, effective governance, and convenient public services.

Interdependent Systems Form the Backbone of Smart Cities

Interdependent systems are the foundation of smart cities, as they provide the critical infrastructure to handle major public systems and citizen services. These include water and energy generation and transmission setups, transportation frameworks, waste disposal mechanisms, street and home lighting systems, connected healthcare, surveillance, and more. Interdependent systems also enable dynamic and synergistic data gathering and analytics, which drive continuous improvements across systems. In effect, a smart city is a 'system of systems' that follows a scale-free topology to allow future expansion, but without affecting the attributes of interdependency and interconnectedness.

Opportunities and Risks: IT-enabled interdependent systems present several opportunities to improve a citizen's lifestyle. They can help city councils take necessary actions, based on real-time analysis of the data collected from various interdependent systems, such as identifying health hazards, mapping energy efficiency of buildings, preventing crime, and effectively managing natural disasters. However, these interdependent systems also pose operational challenges and security risks. If one smart service information system fails to provide relevant information to other connected smart services, it can lead to chaotic situations.

Criticality of Risk Mitigation: Due to the large number of connected devices that make up a smart city's digital infrastructure, enhanced security management for gateway devices, such as industrial control systems (ICS) and IT systems (ITS), is critical to prevent data breach or leakage. Leakage of sensitive data can lead to a lockdown of critical services.

The Role of Smart City Councils

Risk mitigation in smart cities requires a detailed understanding of several factors. These include design and architecture of smart services, IT infrastructure support capabilities, and the knowledge of probable cyber threats. A city council should operate like a modern-day enterprise with specific goals and objectives that include planning for defending against cyber-attacks and responding to emergencies.

Ensuring security of network and sensors: The smart city council should secure connected systems and sensors from any physical attack or infiltration. Identity management and device authentication mechanisms should be deployed at every interface of a smart system. Digital forensic capabilities, which help trace cyber breaches and gather evidence of malicious activities for legal action, should be integrated with the overall cyber architecture, right from the design phase. Gathering and analyzing real-time data with supervisory control and data acquisition (SCADA) will help predict security failures, and thus prevent a complete lockdown of critical services.

Building resilient systems: As a smart city grows, the interconnections of systems and interdependencies of smart services increase manifold. This makes them more vulnerable to cyber-attacks. The smart city council should therefore aim to design risk resilient digital architecture. The architecture should possess the adaptive capability to arrest anomalies in the nascent stage, and lock down a subsystem without disturbing other live components, ensuring uninterrupted service delivery.

Adopting international standards: The security standards and risk mitigation strategies currently being used to secure IT systems may not be adequate to safeguard the interdependent systems in smart cities. ISO 22301:2012, the International Standard for Societal Security Business Continuity Management Systems [1], should be adopted to prevent the disruption of citizen services. Proper communication management is critical for smart cities to respond to cyber threats and other exigencies.

Performing system impact and interdependency analysis: Periodic system impact analysis should be performed to identify risks posed to critical interdependent systems and interconnected services, with appropriately defined recovery time and recovery point objectives. Smart cities should also have secure data receivers and data storage to collect and store data generated from the ICS and ITS components for analysis, decision making, and incident response management. Smart city councils should devise a component protection strategy to identify critical components of interdependent systems for agile risk analysis.

The CPNI Good Practice Guide for Process Control and SCADA Security [2] can be used by city councils to ensure security and trustworthiness of the interdependent systems. It provides a framework based on industry best practices for process control and IT security. The framework focuses on seven key themes:

1. Understanding business risks
2. Implementing secure architecture
3. Establishing response capabilities
4. Improving awareness and skills
5. Managing third party risks
6. Engaging projects for security measures in service design
7. Establishing ongoing governance

Ensuring citizen compliance: Citizens of smart cities are bound to play a crucial role in ensuring the security of interdependent systems from cyber as well as physical security perspectives. Citizens with smart devices are critical points in the cyber system framework, and can be targeted by attackers and hackers to gain entry into the system. This can be done through social engineering, spam emails, data streaming, and other malicious methods. To prevent this, smart city councils should develop policies and procedures for establishment, maintenance, and operation of secure smart services. Cyber-awareness programs should be made mandatory for citizens, and penalties levied for noncompliance.
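
The periodic system impact and interdependency analysis recommended above can be sketched in code. This is an added example, not part of the original white paper: the service names, dependency edges, and recovery time objectives (RTOs) are constructed assumptions, and the RTO check covers direct dependencies only.

```python
from collections import deque

# Constructed sample inventory (assumption, not data from the white paper):
# each service lists what it depends on and its RTO in hours.
SERVICES = {
    "energy_grid":      {"depends_on": [], "rto_h": 4},
    "telecom_backbone": {"depends_on": ["energy_grid"], "rto_h": 2},
    "water_supply":     {"depends_on": ["energy_grid"], "rto_h": 8},
    "traffic_control":  {"depends_on": ["energy_grid", "telecom_backbone"], "rto_h": 1},
    "connected_health": {"depends_on": ["telecom_backbone", "water_supply"], "rto_h": 2},
    "street_lighting":  {"depends_on": ["energy_grid"], "rto_h": 12},
}

def dependents_of(services):
    """Invert the depends_on edges: provider -> services that consume it."""
    rev = {name: [] for name in services}
    for name, spec in services.items():
        for dep in spec["depends_on"]:
            rev[dep].append(name)
    return rev

def impacted_by(services, failed):
    """Breadth-first walk: every service that transitively needs `failed`."""
    rev = dependents_of(services)
    seen, queue = set(), deque([failed])
    while queue:
        for nxt in rev[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def rto_conflicts(services):
    """(service, dependency) pairs where the dependency recovers more slowly
    than the service relying on it, so the service's RTO cannot be met."""
    out = []
    for name, spec in services.items():
        for dep in spec["depends_on"]:
            if services[dep]["rto_h"] > spec["rto_h"]:
                out.append((name, dep))
    return sorted(out)

def rank_by_blast_radius(services):
    """Components ordered by how many downstream services a failure reaches."""
    sizes = {n: len(impacted_by(services, n)) for n in services}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for component, reach in rank_by_blast_radius(SERVICES):
        print(f"{component}: failure reaches {reach} other service(s)")
    for service, dep in rto_conflicts(SERVICES):
        print(f"RTO conflict: {service} recovers faster than {dep} can")
```

The ranking gives a starting point for the component protection strategy, and each RTO conflict marks an objective that needs to be renegotiated or backed by a fallback.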

Conclusion

Understanding and evaluating risks in smart city systems require a pragmatic approach to cyber risk management due to the high level of interconnectedness of smart services and the rapidly evolving nature of constituent systems. With smart cities projected to grow rapidly over the next few years, there is a clear need for smart city councils to focus on mitigating security concerns. Incorporating risk mitigation and developing strong security strategies in the initial planning and service design stages will enable smart city councils to provide safe, secure, and reliable services to their citizens.

References

[1] ISO, 2012. ISO 22301:2012, http://www.iso.org/iso/catalogue_detail?csnumber=50038, accessed November 2015
[2] Good Practice Guide Process Control and SCADA Security, http://www.cpni.gov.uk/documents/publications/2008/2008031-GPG_SCADA_Security_Good_Practice.pdf, accessed November 2015

About The Author

Abhik Chaudhuri

Abhik Chaudhuri is a Domain Consultant with the Information Technology Infrastructure Services Global Technology Practice at TCS. He is a Chevening TCS Fellow in Cyber Security, Privacy and Policy with more than 14 years of IT experience.

Copyright 2016 Tata Consultancy Services Limited