Smart City Cyber Security & Resilience: Architecture and Best Practices

• Although it is a good idea not to expose the OT network directly to public networks, air-gapping IT/OT networks can be futile, especially because, to work properly, smart applications in a smart city often require integrated IT/OT networks.

• Adding too many cyber security requirements to end points or protocols will make legacy infrastructure obsolete before the end of its productive life—making it harder to secure critical infrastructure without expensive upgrades and long payback periods, which can be a non-starter.

• Highly centralized IT/OT infrastructure with extensive use of cloud-based services may be good from the perspectives of efficiency and operational costs; however, from the perspective of cyber security, these create a single point of failure. Such systems can allow hackers access to the crown jewels of a smart city—in the same way that an authorized end node has access to a highly centralized architecture.

• Finally, if residents are not cyber security aware, they will inadvertently become the Achilles’ heel of the infrastructure because of unnecessary exposure to risks from social engineering, phishing schemes, or negligence.

Possible Solutions to Smart City Cyber Security Woes

By thoroughly acknowledging the implications of these truths, much can be done to limit cyber-attacks on a smart city’s infrastructure to ensure continued delivery of critical services to residents. The following empirically validated prescriptions, developed at the U.S. Department of Energy’s National Renewable Energy Laboratory’s (NREL’s) Center for Cyber Physical Systems Security and Resilience, can help secure smart city IT/OT infrastructure today:

1. Understand the use cases that will define the transactions of a smart city. A transaction on a network occurs between one node and another node or multiple nodes.

2. Develop an architectural perspective on the smart city’s cyber security posture so that very specific requirements can be defined at all logical layers. Understand that there are nine logical layers that need protection across the smart city IT/OT network, including the seven layers of the Open Systems Interconnection (basic reference) model, the semantic layer, and the business process layer.

3. Whenever possible, establish a universal concept of identity for every transactional node in the network and any human user of the network with two-factor authentication.

4. Segment the network into virtual local area networks (VLANs) based on business functions, and use distributed intelligence and computing as much as possible with summaries to the central site.

5. Strictly enforce role-based access control with access control lists on switches and virtual private network (VPN) login privileges on firewalls. This will limit broadcast storms—or sending large bursts of data to multiple destinations concurrently due to poor network configuration—to quiet down the network as much as possible. Also, provide finely defined privileges to the nodes and human users so their sphere of influence is limited to transactional node partners only. This will prevent access to anything else that requires two levels of third-party authorization and minimize damage in the event of a cyber-attack.

6. Develop a protection scheme using firewalls on the externally facing nodes, intrusion-detection tools on the major data pipes within the infrastructure, and in-line blocking tools in front of the sensitive nodes running critical smart city IT/OT applications.