Smart Cities are connected scenarios in which the objects become intelligents and interact each other with the goal of providing efficient and sustainables services, improving the life quality of the people. However, the adoption of new technologies to the city infrastructure also increase cyberrisks. Cities are particularly vulnerable targets for these three reasons:
- A large part of city services (lighting, transport, traffic, administration and health, among others) depend on technology, transforming cities into critical infrastructures.
- Current tecnological systems are complex and interdependent so it is difficult to know how exposed they are.
- Cities are not prepare to face cyberattacks due to the lack of mature in cybersecurity personnel and response plans.
The consecuences and damages of cyberattacks are higher when we deal with Smart Cities as they can cause essential services interruption and affect to the national security. Therefore, cybersecurity should be a priority in the Smart Cities to face the cyberattacks. Specially considering that Smart City systems also have access to PII (Personally identifiable information). For all of the above reasons, it is mandatory to adopt measures to mitigate the negative consecuences of uncontrolled PII data use.
Wellness TechGroup proposes an unique approach to cybersecurity and privacy specific designed for Smart Cities. The solution is made up of four proposals: audit, strategy, resilient city and continuous monitoring.
The audit analyses the security and privacy requirements and its state of compliance. It also evaluates the readness level of the smart infrastructure and identifies its critical weakness in order to adapt the strategy to them. The audit considers a test of the technologies’ security (communications, administration, sensor’s maintenance, potential danger to manipulation) and assesses the supplier management of devices for ensuring they are free from vulnerabilities from the manufacturing stage to the installation stage.
The strategy is designed according to the security priorities and objectives of the city, and in accordance with the regulations for ensuring its compliance. A service for the management of security assets and sessions for cybersecurity awareness-raising and training are also included.
The result of the applying the strategy will be a Smart and resilient city which tests and updates periodically its cybersecurity planning and reponse ability. This also considers the design of a continuity plan and management of cybersecurity breachs with third parties (CERTs and supervisory authorities).
The continuous monitoring is implemented during every stage and ensures the shielding of the insfrastructure and its data. Monitoring analysis provides reports, informs and cyberrisk alerts. The monitoring enables administrators to examine the cybersecurity status of the city in real time.
- Avoid economical losses caused by cyberattacks and service shutdowns.
- Know and manage risks by limiting their impacts.
- Comply with regulations and avoid sanctions.
- Safer services
- Infrastructure more shielded and personnel more prepared.
- Public services continuity guaranteed.
- Management planning for rapid and effective responsing to cyber-menaces.
- Increased trust from citizens and users.
- Continued security evaluation.
- Response plan updates.