APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Smart City
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Smart City
    Editor's Pick (1 - 4 of 8)
    left
    For a Smarter City: Trust the Data, Ignore the Hype

    Brad Dunkle, Deputy CIO, City of Charlotte

    Smart Community Innovation for the Post Pandemic

    Harry Meier, Deputy Cio for Innovation, Department of Innovation and Technology, City of Mesa

    How Smart Cities can make us healthy

    Joelle Chen, Director, Global Partnerships & Marketing, Intelligent Air Solutions, Mann+Hummel

    Smart Cities Breed Smart People

    Peter Auhl

    Managing IT Budgets to help foster Innovation

    Subbu Murthy, CIO, Howard Building Corporation

    Journey to the Cloud - Getting Things Straight

    Alex Konnaris, Group CIO, RMA Group

    Redefining the CIOs role

    David Kennedy, Group CIO, Transaction Services Group

    At the Pinnacle of Smart City Aspirations

    Peter Auhl, CIO, City of Adelaide

    right

    Smart City Cyber Security & Resilience: Architecture and Best Practices

    Erfan Ibrahim, Ph.D., Center Director, Cyber-Physical Systems Security & Resilience, NREL

    Tweet
    content-image

    Erfan Ibrahim, Ph.D., Center Director, Cyber-Physical Systems Security & Resilience, NREL

    The concept of a smart city has largely been taking shape in recent years, in part because of the growing challenges of over populated urban areas around the world as well as the emergence of low-cost, high-speed digital technologies that promise to alleviate these challenges. Traffic congestion, uncomfortable habitats, and poor health-care services are some examples of these challenges.

    In the United States, Canada, and several other countries around the world, innovative leaders, governments, and businesses are embarking on bold smart city initiatives that can address urban sprawl and provide better standards of living for their citizens. Such initiatives require a broadband network infrastructure at its core that can support critical information technology (IT) and operational technology (OT) services such as transportation, healthcare, education, and food production. Any smart city IT/OT infrastructure that has this many network nodes—and thus also exposure to potential cyber-attacks from hackers with access to one or more of those nodes—is vulnerable to compromised network security with varying levels of impact on smart city services.

    Smart City Cyber Security Truths

    Although there are ways to mitigate impacts and prevent cyber-attacks on a smart city’s IT/OT infrastructure, it is important to accept certain premises as truths to address today’s most crucial cyber challenges:

    • First, networks can be compromised no matter how high the fence. The impact of a hacker is directly proportional to the number of nodes and application services that the hacker can access from his or her pivot point in the network. If the hacker can access cyber security controls through the production network, for example, the asset owner will lose control of their network.

    • If wholesale encryption is used on the data in transit, it is very difficult to detect an intrusion without significantly increasing network latency—causing unwanted interruptions to critical IT/OT applications and sporadic suspensions of critical services to residents.

    • Focusing too much on the authentication of users on the network to strengthen cyber security can lead to the loss of major network parts if a trusted node is compromised by a hacker. Signature-based malware tools detect only a small portion of cyber-attacks, and they do not provide any protection for three to four weeks after the discovery of a cyber-vulnerability, until a signature is defined.

    By thoroughly acknowledging the implications of these truths, much can be done to limit cyber-attacks on a smart city’s infrastructure to ensure continued delivery of critical services to residents.

    • Although it is a good idea not to expose the OT network directly to public networks, air-gapping IT/OT networks can be futile, especially because, to work properly, smart applications in a Smart city often require integrated IT/OT networks.

    • Adding too many cyber security requirements to end points or protocols will make legacy infrastructure obsolete before the end of its productive life—making it harder to secure critical infrastructure without expensive upgrades and long payback periods, which can be a non-starter.

    • Highly centralized IT/OT infrastructure with extensive use of cloud-based services may be good from the perspectives of efficiency and operational costs; however, from the perspective of cyber security, these create a single point of failure. Such systems can allow hackers access to the crown jewels of a smart city—in the same way that an authorized end node has access to a highly centralized architecture.

    • Finally, if residents are not cyber security aware, they will inadvertently become the Achilles’ heel of the infrastructure because of unnecessary exposure to risks from social engineering, phishing schemes, or negligence.

    Possible Solutions to Smart City Cyber Security Woes

    By thoroughly acknowledging the implications of these truths, much can be done to limit cyber-attacks on a smart city’s infrastructure to ensure continued delivery of critical services to residents. The following empirically validated prescriptions, developed at the U.S. Department of Energy’s National Renewable Energy Laboratory’s (NREL’s) Center for Cyber Physical Systems security and Resilience, can help secure smart city IT/OT infrastructure today:

    1. Understand the use cases that will define the transactions of a smart city. A transaction on a network occurs between one node and another node or multiple nodes.

    2. Develop an architectural perspective on the smart city’s cyber security posture so that very specific requirements can be defined at all logical layers. Understand that there are nine logical layers that need protection across the smart city IT/OT network, including the seven layers of the Open Systems Interconnection (basic reference) model, the semantic layer, and the business process layer.

    3. Whenever possible, establish a universal concept of identity for every transactional node in the network and any human user of the network with two-factor authentication.

    4. Segment the network into virtual local area networks (VLANs) based on business functions, and use distributed intelligence and computing as much as possible with summaries to the central site.

    5. Strictly enforce role-based access control with access control lists on switches and virtual private network (VPN) login privileges on firewalls. This will limit broadcast storms—or sending large bursts of data to multiple destinations concurrently due to poor network configuration—to quiet down the network as much as possible. Also, provide finely defined privileges to the nodes and human users so their sphere of influence is limited to transactional node partners only. This will prevent access to anything else that requires two levels of third-party authorization and minimize damage in the event of a cyber-attack.

    6. Develop a protection scheme using firewalls on the externally facing nodes, intrusion-detection tools on the major data pipes within the infrastructure, and in-line blocking tools in front of the sensitive nodes running critical smart city IT/OT applications.

    Check Out : Top Smart City Startups
    tag

    Startups

    Information Technology

    Renewable Energy

    Critical Infrastructure

    Weekly Brief

    loading
    Top 10 Smart City Solutions Companies - 2024
    ON THE DECK

    Smart City 2024

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Cultivating a Sustainable Future through Collaboration

    Cultivating a Sustainable Future through Collaboration

    Jiunn Shih, Chief Marketing, Innovation & Sustainability Officer, Zespri International
    Mastering Digital Marketing Strategies

    Mastering Digital Marketing Strategies

    Tasya Aulia, Director of Marketing and Communications, Meliá Hotels International
    Building a Strong Collaborative Framework for Artificial Intelligence

    Building a Strong Collaborative Framework for Artificial Intelligence

    Boon Siew Han, Regional Head of Humanoid Component Business & R&D (Apac & Greater China), Schaeffler
    From Legacy to Agility Through Digital Transformation

    From Legacy to Agility Through Digital Transformation

    Athikom Kanchanavibhu, EVP, Digital & Technology Transformation, Mitr Phol Group
    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Ts. Dr. James Chong, Chief Executive Officer, Columbia Asia Hospital – Tebrau
    Digital Transformation: A Journey Beyond Technology

    Digital Transformation: A Journey Beyond Technology

    John Ang, Group CTO, EtonHouse International Education Group
    Building A Strong Data Foundation: The Key To Successful Ai Integration In Business

    Building A Strong Data Foundation: The Key To Successful Ai Integration In Business

    Richa Arora, Senior Director Of Data Governance, Cbre
    Transforming Tollways Through People, Data and Digital Vision

    Transforming Tollways Through People, Data and Digital Vision

    Carlo Cagalingan, Chief Digital Officer and Chief Information Officer, Metro Pacific Tollways Corporation
    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://smart-city.apacciooutlook.com/cxoinsights/smart-city-cyber-security-resilience-architecture-and-best-practices-nwid-4511.html