These 3 security pillars will help keep your city's data safe

Thu, 2017-07-27 13:08 -- SCC Partner

Your data is valuable. That’s why hackers want it. And they’re getting more successful at stealing it and vandalizing it.

So what can you do? Understand there is no single magical solution. There are actually three elements of any effective cybersecurity strategy — all of which need your attention.

Current, powered by GE, a Council Global Lead Partner, discusses each of the three in depth below. Use this as a checklist as you’re determining whether you’re doing enough to keep your data safe. — Kevin Ebi

By Amine Chigani, Chief Architect, and Gleb Geguine, Chief Engineer, Current, powered by GE

Deploying smart city infrastructure unleashes unprecedented value for city officials while positively impacting the lives of citizens. But, like anything of municipal value, smart city infrastructure can be a target for cyber and physical attacks. Whether these potential attacks take the form of vandalism or of hardware or data theft to facilitate a breach of third-party systems, cities can experience peace of mind if they implement a multi-layered approach to security.

Choose from platforms that are built from the ground up for heavily regulated domains and that leverage open-source technologies and standards, which is advantageous for an ecosystem of partners. When securing a smart city, strike a balance between the cost of implementation and the total cost of a breach, then deploy industrial-grade cyber security to address three pillars: edge, connectivity and cloud.

Edge security focuses on protecting local data and securing access to the larger system. First, ensure every node within your smart city has a unique, trackable identity and can be remotely authenticated using the device’s unique certificates stored within its Trusted Platform Module. Second, authenticate every removable module by using a reverse-engineering-resistant crypto chip carrying the module identity.

These efforts, along with the secure boot sequence, allow smart cities to build a tree of trust expanding from the semiconductor components to the encrypted file system. This method ensures the information stored on a node is protected and that the effects of an attack are limited to the loss of that single node, even if the perpetrator possesses the node. As a final precaution, sign software patches and verify them before deploying any node update, so that security is preserved across updates.
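The sign-then-verify step for node updates described above, as an added example that is not code from the article or from the authors' platform. Ed25519, the `Update` envelope and the version-based rollback check are assumptions chosen for illustration; the article does not specify an algorithm or a patch format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical patch envelope: the vendor signs version || SHA-256(payload).
type Update struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// signedBytes builds the exact byte string covered by the signature, so the
// version number cannot be altered without invalidating the signature.
func signedBytes(version uint32, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	msg := make([]byte, 4, 4+len(digest))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, digest[:]...)
}

// SignUpdate runs on the vendor's build system, the only holder of the private key.
func SignUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	sig := ed25519.Sign(priv, signedBytes(version, payload))
	return Update{Version: version, Payload: payload, Signature: sig}
}

// VerifyUpdate runs on the node before installation. trusted is the public key
// provisioned with the node; installed is the version currently running.
func VerifyUpdate(trusted ed25519.PublicKey, installed uint32, u Update) error {
	if !ed25519.Verify(trusted, signedBytes(u.Version, u.Payload), u.Signature) {
		return errors.New("signature check failed: patch rejected")
	}
	if u.Version <= installed {
		return errors.New("validly signed but not newer: rollback rejected")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	u := SignUpdate(priv, 8, []byte("constructed firmware image v8"))
	fmt.Println("genuine patch: ", VerifyUpdate(pub, 7, u))
	u.Payload[0] ^= 0xff // constructed tampering in transit
	fmt.Println("tampered patch:", VerifyUpdate(pub, 7, u))
}
```

Because only the public key lives on the node, extracting it from a stolen device does not let anyone produce patches that other nodes will accept.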

The connectivity pillar is the subject of a dual concern: the security of the transmitted data, and preventing its infrastructure from being leveraged to mount an attack on third-party systems. When addressing these concerns, learn and embrace the best practices developed by your vendor’s official cyber security team.

One of the best practices should be to use the encrypted, two-way Transport Layer Security (TLS) protocol and to transmit only via secure tunnels, with source and destination inspection at the interface points.

Is your platform’s security embedded at every level of the cloud stack? If so, you should ensure compliance with tens of compliance standards and contractual clauses related to data, including export control, HIPAA, FedRAMP, and others.

Additionally, 24/7/365 monitoring of cloud infrastructure, apps and APIs allows for constant recommendations and hardening by “red teams” who work to find vulnerabilities before potential attackers do. Assigning separate data persistence instances further ensures segmentation of data access. Lastly, when using an open yet secure platform, leverage the Open Authentication (OAuth2) standard to manage users and clients accessing APIs.

Only when security needs for each pillar – edge, connectivity, and cloud – are properly implemented can you achieve effective and persistent security for your evolving intelligent city.

# # #

Amine Chigani, Chief Architect, Current, powered by GE, has expertise in IoT architectures, agile development, and systems thinking that drive product quality, reduce technology/mission risk, and deliver customer value. Connect with Amine on LinkedIn.

Gleb Geguine, Chief Engineer at Current, powered by GE, has 25 years of experience bringing emerging technology platforms from concept to product level in high-performance industrial domains. Connect with Gleb on LinkedIn.