Securing Smart Cities issues SCD guidelines
Report highlights cybersecurity responsibilities of Smart City Departments
Smart city security organisation Securing Smart Cities has released a set of guidelines on the role and responsibilities of smart city management in ensuring safe and secure operations.
The non-profit initiative has written the report which is intended to provide public and private organisations with a baseline when developing the information security role within a Smart City Department (SCD).
As the organisation that is responsible for developing smart city programs for a city or large organisation, the SCD, either public or private sector, needs to have certain key security elements defined as part of its role from its inception, the report says.
In terms of the security role, the SCD should consider technology adoption, services quality, legislative compliance, interorganisational and intraorganisational information and communication resilience in addition to the efficiency and sustainability of operations.
Mohamad Amin Hasbini, one of the authors of the report, Securing Smart Cities board member and security expert at Kaspersky Lab commented: "These guidelines are yet another step towards Securing Smart Cities (SSC), as the name of the initiative suggests. We're trying to enhance everyone's understanding of the smart city requirements, by developing useful insights and sharing expertise with the people who will be responsible for the development and management of smart cities. The document is based on the experience of the SSC community members, who are involved in large scale cyber governance, as well as other security specialists: from penetration testers to industrial security experts.
"In-keeping with our efforts to provide practical resources for organisations, the Securing Smart Cities initiative is releasing these new guidelines to help provide valuable recommendations in making our current and future cities more secure," said Cesar Cerrudo, Securing Smart Cities board member and chief technology officer for IOActive.
The report notes the cyber-security challenges facing smart cities, including a large, complex attack surface with a quickly evolving infrastructure; insufficient means to oversee and organise such a complex environment, and the political profile and involvement in smart cities.
The SCD's security role and responsibilities should include numerous elements, according to the report, including governance and leadership support, to keep all stakeholders informed and in line with latest compliance requirements and reporting; infrastructure support, to establish baseline standards for technology; and risk management optimisation, to ensure full awareness of risks and threats for risk management teams.
The SCD should also provide legal support to ensure full definition of regulations, roles, responsibilities and managing service level agreements from partners; as well as be involved in collaborative threat intelligence, including monitoring and threat detection and sharing with relevant authorities such as CERTs.
Securing Smart Cities is an initiative to identify the cyber-security challenges facing smart cities and develop solutions to those challenges. Supporting organisations include Kaspersky Lab, IOActive, Bastille, the Cloud Security Alliance, and Xipiter, among others.