Apac
  • Home
  • CXO Insights
  • CIO Views
  • News
  • Conferences
  • Newsletter
  • Whitepapers
  • About us
Apac
  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cryptocurrency

    Cyber Security

    DevOps

    Digital Transformation

    Drone

    HPC

    Infrared

    Internet of Things

    IT Services

    Marine Tech

    Networking

    PropTech

    Remote Work

    Robotics

    Scheduling Software

    Sensor Tech

    Simulation

    Smart City

    Software Testing

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Capital Market

    Construction

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • CISCO

    Google

    IBM

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cloud-based Planning

    Cognitive

    Collaboration

    Compliance

    Contact Center

    Contact Tracing

    Contactless Payments

    Corporate Finance

    CRM

    Custom Software Development

    Data Center

    Digital Signage

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Communications

    Enterprise Contract Management

    Enterprise Performance Management

    ERP

    Facility Management

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Infrastructure

    IT Service Management

    Managed Services

    PLM

    Procurement

    Product Management

    Project Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Smart City
    • CISCO
    • Collaboration
    • Compliance
    • Contact Center
    • Healthcare
    • IT Service Management
    • Microsoft
    • Retail
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Smart City
    Editor's Pick (1 - 4 of 8)
    left
    How Smart Cities can make us healthy

    Joelle Chen, Director, Global Partnerships & Marketing, Intelligent Air Solutions, Mann+Hummel

    Smart Cities Breed Smart People

    Peter Auhl

    Managing IT Budgets to help foster Innovation

    Subbu Murthy, CIO, Howard Building Corporation

    Journey to the Cloud - Getting Things Straight

    Alex Konnaris, Group CIO, RMA Group

    Redefining the CIOs role

    David Kennedy, Group CIO, Transaction Services Group

    At the Pinnacle of Smart City Aspirations

    Peter Auhl, CIO, City of Adelaide

    IT Revolutionizing Smart City Solutions

    Scott Cardenas, CIO, City and County of Denver

    Smart City-Smart Re-Invention

    Joe Iannello, VP & CIO, Capital Metro

    right

    Smart City Cyber Security & Resilience: Architecture and Best Practices

    By Erfan Ibrahim, Ph.D., Center Director, Cyber-Physical Systems Security & Resilience, NREL

    Tweet
    content-image

    Erfan Ibrahim, Ph.D., Center Director, Cyber-Physical Systems Security & Resilience, NREL

    The concept of a smart city has largely been taking shape in recent years, in part because of the growing challenges of over populated urban areas around the world as well as the emergence of low-cost, high-speed digital technologies that promise to alleviate these challenges. Traffic congestion, uncomfortable habitats, and poor health-care services are some examples of these challenges.

    In the United States, Canada, and several other countries around the world, innovative leaders, governments, and businesses are embarking on bold smart city initiatives that can address urban sprawl and provide better standards of living for their citizens. Such initiatives require a broadband network infrastructure at its core that can support critical information technology (IT) and operational technology (OT) services such as transportation, healthcare, education, and food production. Any smart city IT/OT infrastructure that has this many network nodes—and thus also exposure to potential cyber-attacks from hackers with access to one or more of those nodes—is vulnerable to compromised network security with varying levels of impact on smart city services.

    Smart City Cyber Security Truths

    Although there are ways to mitigate impacts and prevent cyber-attacks on a smart city’s IT/OT infrastructure, it is important to accept certain premises as truths to address today’s most crucial cyber challenges:

    • First, networks can be compromised no matter how high the fence. The impact of a hacker is directly proportional to the number of nodes and application services that the hacker can access from his or her pivot point in the network. If the hacker can access cyber security controls through the production network, for example, the asset owner will lose control of their network.

    • If wholesale encryption is used on the data in transit, it is very difficult to detect an intrusion without significantly increasing network latency—causing unwanted interruptions to critical IT/OT applications and sporadic suspensions of critical services to residents.

    • Focusing too much on the authentication of users on the network to strengthen cyber security can lead to the loss of major network parts if a trusted node is compromised by a hacker. Signature-based malware tools detect only a small portion of cyber-attacks, and they do not provide any protection for three to four weeks after the discovery of a cyber-vulnerability, until a signature is defined.

    By thoroughly acknowledging the implications of these truths, much can be done to limit cyber-attacks on a smart city’s infrastructure to ensure continued delivery of critical services to residents.

    • Although it is a good idea not to expose the OT network directly to public networks, air-gapping IT/OT networks can be futile, especially because, to work properly, smart applications in a Smart city often require integrated IT/OT networks.

    • Adding too many cyber security requirements to end points or protocols will make legacy infrastructure obsolete before the end of its productive life—making it harder to secure critical infrastructure without expensive upgrades and long payback periods, which can be a non-starter.

    • Highly centralized IT/OT infrastructure with extensive use of cloud-based services may be good from the perspectives of efficiency and operational costs; however, from the perspective of cyber security, these create a single point of failure. Such systems can allow hackers access to the crown jewels of a smart city—in the same way that an authorized end node has access to a highly centralized architecture.

    • Finally, if residents are not cyber security aware, they will inadvertently become the Achilles’ heel of the infrastructure because of unnecessary exposure to risks from social engineering, phishing schemes, or negligence.

    Possible Solutions to Smart City Cyber Security Woes

    By thoroughly acknowledging the implications of these truths, much can be done to limit cyber-attacks on a smart city’s infrastructure to ensure continued delivery of critical services to residents. The following empirically validated prescriptions, developed at the U.S. Department of Energy’s National Renewable Energy Laboratory’s (NREL’s) Center for Cyber Physical Systems security and Resilience, can help secure smart city IT/OT infrastructure today:

    1. Understand the use cases that will define the transactions of a smart city. A transaction on a network occurs between one node and another node or multiple nodes.

    2. Develop an architectural perspective on the smart city’s cyber security posture so that very specific requirements can be defined at all logical layers. Understand that there are nine logical layers that need protection across the smart city IT/OT network, including the seven layers of the Open Systems Interconnection (basic reference) model, the semantic layer, and the business process layer.

    3. Whenever possible, establish a universal concept of identity for every transactional node in the network and any human user of the network with two-factor authentication.

    4. Segment the network into virtual local area networks (VLANs) based on business functions, and use distributed intelligence and computing as much as possible with summaries to the central site.

    5. Strictly enforce role-based access control with access control lists on switches and virtual private network (VPN) login privileges on firewalls. This will limit broadcast storms—or sending large bursts of data to multiple destinations concurrently due to poor network configuration—to quiet down the network as much as possible. Also, provide finely defined privileges to the nodes and human users so their sphere of influence is limited to transactional node partners only. This will prevent access to anything else that requires two levels of third-party authorization and minimize damage in the event of a cyber-attack.

    6. Develop a protection scheme using firewalls on the externally facing nodes, intrusion-detection tools on the major data pipes within the infrastructure, and in-line blocking tools in front of the sensitive nodes running critical smart city IT/OT applications.

    Check Out : Top Smart City Startups
    tag

    Startups

    Information Technology

    Critical Infrastructure

    Renewable Energy

    Weekly Brief

    loading
    Top 10 Smart City Consulting/Service Companies - 2019
    Top 10 Smart City Solution Companies - 2019

    Featured Vendors

    Reneon Technologies

    Ashwin Menon, Founder and Director

    ON THE DECK

    Content Management System 2020

    Top Vendors

    Contactless Payments 2020

    Top Vendors

    Admired Tech 2020

    Top Vendors

    Corporate Finance 2020

    Top Vendors

    AI 2020

    Top Vendors

    Travel and Hospitality 2020

    Top Vendors

    Startup 2020

    Top Vendors

    Networking 2020

    Top Vendors

    FinTech 2020

    Top Vendors

    CRM 2020

    Top Vendors

    Scheduling Software 2020

    Top Vendors

    Education 2020

    Top Vendors

    Business Intelligence 2020

    Top Vendors

    PropTech 2020

    Top Vendors

    Salesforce 2020

    Top Vendors

    Big Data 2020

    Top Vendors

    Simulation 2020

    Top Vendors

    Product Management 2020

    Top Vendors

    Legal 2020

    Top Vendors

    Remote Work 2020

    Top Vendors

    Cryptocurrency 2020

    Top Vendors

    CEM 2020

    Top Vendors

    Insurance 2020

    Top Vendors

    Data Center 2020

    Top Vendors

    Banking 2020

    Top Vendors

    RegTech 2020

    Top Vendors

    Wireless 2020

    Top Vendors

    Procurement 2020

    Top Vendors

    Cognitive 2020

    Top Vendors

    Drone 2020

    Top Vendors

    HR Technology 2020

    Top Vendors

    HPC 2020

    Top Vendors

    Pharma and Life Science 2020

    Top Vendors

    SAP 2020

    Top Vendors

    Food and Beverages 2020

    Top Vendors

    Cloud 2020

    Top Vendors

    Blockchain 2020

    Top Vendors

    Cloud 2020

    Top Vendors

    Logistics 2020

    Top Vendors

    Augmented Reality 2020

    Top Vendors

    Contact Center 2020

    Top Vendors

    Oracle 2020

    Top Vendors

    Cyber Security 2020

    Top Vendors

    E-Commerce 2020

    Top Vendors

    Compliance 2020

    Top Vendors

    Enterprise Architecture 2020

    Top Vendors

    Digital Transformation 2020

    Top Vendors

    Manufacturing 2020

    Top Vendors

    Agile 2020

    Top Vendors

    CISCO 2020

    Top Vendors

    Field Service 2020

    Top Vendors

    Contact Center 2020

    Top Vendors

    IoT 2020

    Top Vendors

    Microsoft 2020

    Top Vendors

    Retail 2020

    Top Vendors

    Aviation 2020

    Top Vendors

    Healthcare 2020

    Top Vendors

    IT Service Management 2020

    Top Vendors

    Top Vendors

    Big Data 2019

    Top Vendors

    Digital Signage 2019

    Top Vendors

    Sales Tech 2019

    Top Vendors

    Startup 2019

    Top Vendors

    Salesforce 2019

    Top Vendors

    AI 2019

    Top Vendors

    Google 2019

    Top Vendors

    Smart City 2019

    Top Vendors

    FinTech 2019

    Top Vendors

    Admired Tech 2019

    Top Vendors

    Big Data 2019

    Top Vendors

    IT Services 2019

    Top Vendors

    Business Intelligence 2019

    Top Vendors

    Education 2019

    Top Vendors

    Project Management 2019

    Top Vendors

    Enterprise Asset Management 2019

    Top Vendors

    CRM 2019

    Top Vendors

    Data Center 2019

    Top Vendors

    PropTech 2019

    Top Vendors

    Capital Market 2019

    Top Vendors

    Travel and Hospitality 2019

    Top Vendors

    Legal 2019

    Top Vendors

    IT Infrastructure 2019

    Top Vendors

    Plastic Tech 2019

    Top Vendors

    Facility Management 2019

    Top Vendors

    Fleet Management 2019

    Top Vendors

    CEM 2019

    Top Vendors

    Sensor Tech 2019

    Top Vendors

    RegTech 2019

    Top Vendors

    Marine Tech 2019

    Top Vendors

    Collaboration 2019

    Top Vendors

    Software Testing 2019

    Top Vendors

    Facility Management 2019

    Top Vendors

    Automotive 2019

    Top Vendors

    Food and Beverages 2019

    Top Vendors

    Insurance 2019

    Top Vendors

    HPC 2019

    Top Vendors

    Wireless 2019

    Top Vendors

    Simulation 2019

    Top Vendors

    Corporate Finance 2019

    Top Vendors

    Drone 2019

    Top Vendors

    AI Healthcare 2019

    Top Vendors

    SAP 2019

    Top Vendors

    Procurement 2019

    Top Vendors

    Cyber Security 2019

    Top Vendors

    IBM 2019

    Top Vendors

    Construction 2019

    Top Vendors

    Logistics 2019

    Top Vendors

    Managed Services 2019

    Top Vendors

    Manufacturing 2019

    Top Vendors

    Media and Entertainment 2019

    Top Vendors

    Cloud 2019

    Top Vendors

    Banking 2019

    Top Vendors

    Agile 2019

    Top Vendors

    IT Service Management 2019

    Top Vendors

    Retail 2019

    Top Vendors

    HR Technology 2019

    Top Vendors

    Oracle 2019

    Top Vendors

    Cognitive 2019

    Top Vendors

    Compliance 2019

    Top Vendors

    Contact Center 2019

    Top Vendors

    Healthcare 2019

    Top Vendors

    Gov and Public 2019

    Top Vendors

    Microsoft 2019

    Top Vendors

    Pharma and Life Science 2019

    Top Vendors

    DevOps 2019

    Top Vendors

    E-Commerce 2019

    Top Vendors

    Blockchain 2019

    Top Vendors

    IoT 2019

    Top Vendors

    Metals and Mining 2019

    Top Vendors

    Gamification 2019

    Top Vendors

    Field Service 2019

    Top Vendors

    Augmented Reality 2019

    Top Vendors

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Pinpointing Weak Links in an Enterprise Security Chain: Helping Companies Battle Data and Content Security Challenges

    Pinpointing Weak Links in an Enterprise Security Chain: Helping Companies Battle Data and Content Security Challenges

    Hiro Imamura, SVP and GM, Business Imaging Solutions Group, Canon U.S.A. [NYSE:CAJ]
    Evolving Customer Relationship Management: Move Fast or Die Trying

    Evolving Customer Relationship Management: Move Fast or Die Trying

    Ed Ariel, Vice President of Service Operations, ezCater
    Importance of Customer Relationship Management Implementation

    Importance of Customer Relationship Management Implementation

    Drew Fredrick, Vice President, Home Building Technology, Clayton Homes
    How enterprise tech startups and corporates can collaborate for innovation

    How enterprise tech startups and corporates can collaborate for innovation

    Paul Santos, Managing Partner, Wavemaker Partners
    How an Initiative for Standardization and Modularization Leads to Cost Reduction, Increased Efficiency-and Better Teamwork

    How an Initiative for Standardization and Modularization Leads to Cost Reduction, Increased Efficiency-and Better Teamwork

    Faruk Bilgin, Global Director Manufacturing Engineering of Webasto Group
    Empowering the Retail Paradigm

    Empowering the Retail Paradigm

    Jason Williams, VP of Engineering, DICK’S Sporting Goods
    Fortifying the Retail Pardigm Amidst Uncertainities

    Fortifying the Retail Pardigm Amidst Uncertainities

    Vlad Yakubson, Head of Retail, yd.
    Journey from Intelligent Automation (IA) to Artificial Intelligence (AI)

    Journey from Intelligent Automation (IA) to Artificial Intelligence (AI)

    Sanjay Choubey, VP-IT, Briggs & Stratton
    Loading...

    Copyright © 2021 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap |  Subscribe

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://smart-city.apacciooutlook.com/cxoinsights/smart-city-cyber-security-resilience-architecture-and-best-practices-nwid-4511.html