IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities


About the Author

Abhik Chaudhuri

Abhik Chaudhuri is a Domain Consultant with the Information Technology Infrastructure Services (ITIS) Global Technology Practice at Tata Consultancy Services (TCS). A specialist in cyber security and policy, he is focused on developing secure IoT systems for smart cities. Chaudhuri has more than 13 years of IT experience, and is a Chevening TCS Fellow in Cyber Security and Policy.

Abstract

Rapid growth in global population and evolving technological, macro-economic, and environmental landscapes have fueled widespread interest in smart cities, which are, essentially, dynamic ecosystems characterized by highly advanced, intuitive, and interdependent cyber systems. As emerging digital technologies and the Internet of Things (IoT) pave the way for these smart habitats, effective risk management becomes more crucial than ever. This is where a smart city council can play a vital role. By identifying vulnerable systems, assessing the type and magnitude of probable risks, and instituting remedial measures, these bodies can thwart cyber-attacks and create risk-resilient smart services. This article discusses the smart city concept, and how smart city councils can effectively address the information security needs of interdependent systems to provide risk-free smart services to their citizens.

Contents

The Rise of Smart Cities
Interdependent Systems: The Backbone of Smart Cities
    Opportunities and risks
Why Risk Mitigation is a Top Priority for Smart Cities
The Role of Smart City Councils
    Ensuring security of network and sensors
    Building resilient systems
    Adopting international standards
    Performing system impact and interdependency analysis
    Ensuring citizen compliance
Making Smart Cities Safe with Effective Risk Management

The Rise of Smart Cities

Approximately 70% of the world's population is expected to live in cities by 2050. To meet the growing needs of this population, city councils the world over are in expansion mode. The concept of 'smart cities' holds promise in this scenario, as these cities are expected to provide a superior living experience thanks to a host of cyber-enabled services. As in the case of all IT-enabled services, smart city services too should be risk-free and secure for their citizens to use. In connecting devices and users, cyber systems should ensure the highest level of confidentiality and integrity, while allowing unhindered availability. It is therefore important to proactively manage the security risks of the interdependent systems of the smart city digital infrastructure.

Two key features of smart cities are citizen-centricity and digitally-enabled infrastructure. Aside from having smart infrastructure, a smart city has advanced systems to manage energy, transport, traffic, water, healthcare, and education. Essentially, it is a seamless union of technology, government, and society to enable smart living, which is characterized by a booming economy, effective governance, and convenient public services.

ITU-T's Focus Group on Smart Sustainable Cities (FG-SSC) defines a smart sustainable city as an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social, and environmental aspects. [1]

Interdependent Systems: The Backbone of Smart Cities

Interdependent systems are the foundation stone of smart cities, as they provide the critical infrastructure to handle major public systems and citizen services. These include water and energy generation and transmission setups, transportation frameworks, waste disposal mechanisms, street and home lighting systems, connected healthcare, surveillance, and more. Interdependent systems also enable dynamic and synergistic data gathering and analytics, which drives continuous improvements across systems. In effect, a smart city is a 'system of systems' that follows a scale-free topology to allow future expansion, but without affecting the attributes of interdependency and interconnectedness.

Opportunities and risks

The Internet of Things (IoT) promotes an ecosystem of smart applications and services by interconnecting everyday objects and applications, thus enhancing people's lives. IT-enabled interdependent systems present several opportunities to improve a citizen's lifestyle. They can help city councils take necessary actions based on real-time analysis of the data collected from various interdependent systems. For example, the city council can analyze health data of its citizens to identify adverse health scenarios such as virus attacks at an early stage, and take necessary actions to prevent widespread outbreaks. Data integration in smart cities can also be utilized to map energy efficiency of buildings, prevent crime, and effectively manage natural disasters. In addition, it can be leveraged to monitor the city's development in areas such as housing, education, transport, medical services, and employment.

[1] ITU-T FG-SSC, Focus Group on Smart Sustainable Cities, June 2014, http://www.itu.int/en/itu-t/focusgroups/ssc/pages/default.aspx, accessed November 2015

However, these interdependent systems also pose operational challenges and security risks. If one smart service information system fails to provide relevant information to other connected smart services, it can lead to chaotic situations, which eventually may result in a complete breakdown. For example, the failure of a smart traffic management database server can cause havoc with the smart transport management system, thus inconveniencing citizens and disrupting governance. Another example could be a smart healthcare service, where a breach in the network or in the health monitoring device can put the patient's life at risk.

Why Risk Mitigation is a Top Priority for Smart Cities

Due to the large number of connected devices that make up a smart city's digital infrastructure, enhanced security management for gateway devices, such as industrial control systems (ICS) and IT systems (ITS), is critical to prevent data breach or leakage. Leakage of sensitive data can lead to a lock-down of critical services.

A smart city framework deals with huge volumes of data that are generated as a result of communication between various interdependent subsystems and the interactions between devices and citizens. Protection of such private and sensitive information, especially citizen data, is of utmost importance. Further, any incident of data breach or data loss can damage citizens' perception of security in a smart city.

Other information security concerns include interception of wireless data in transit between senders and receivers, leakage of confidential information, and viruses in devices such as sensors. Cloud-based information services and data storage in smart cities can also be compromised through hacking and other subversive activities.

The Role of Smart City Councils

Risk mitigation in smart cities requires a detailed understanding of several factors. These include design and architecture of smart services, IT infrastructure support capabilities, and the knowledge of probable cyber threats. A city council should operate like a modern-day enterprise with specific goals and objectives that include planning for defending against cyber-attacks and responding to emergencies.

Ensuring security of network and sensors

The smart city council should secure connected systems and sensors from any physical attack or infiltration. Identity management and device authentication mechanisms should be deployed at every interface of a smart system. Digital forensic capabilities, which help trace cyber breaches and gather evidence of malicious activities for legal action, should be integrated with the overall cyber architecture, right from the design phase. Gathering and analyzing real-time data with supervisory control and data acquisition (SCADA) will help predict security failures, and thus prevent a complete lock-down of critical services.

Building resilient systems

As a smart city grows, the interconnections of systems and interdependencies of smart services increase manifold. This makes them more vulnerable to cyber-attacks. The smart city council should therefore aim to design risk-resilient digital architecture. The architecture should possess the adaptive capability to arrest anomalies in the nascent stage, and lock down a subsystem without disturbing other live components, ensuring uninterrupted service delivery.

City councils should build resilient interdependent systems to handle cyber emergencies and restore impacted services quickly. An effective cyber resilience strategy also helps protect the various connected devices and assets in case of any eventuality. Business continuity planning (BCP) is an effective risk management initiative that can help the smart city council ensure the security and availability of smart services. Periodic BCP drills should be conducted, audited, and documented for ready reference during criticalities. This will enable smart cities to take a recovery-oriented approach toward risk management.

Adopting international standards

The security standards and risk mitigation strategies currently being used to secure IT systems may not be adequate to safeguard the interdependent systems in smart cities. ISO 22301:2012, the International Standard for Societal Security Business Continuity Management Systems [2], should be adopted to prevent the disruption of citizen services.

Proper communication management is critical for smart cities to respond to cyber threats and other exigencies. Communication channels with pre-identified points of contact should be defined, documented, and regularly updated. These documents should be made available to all stakeholders for easy reference if and when the need arises.

Performing system impact and interdependency analysis

Periodic system impact analysis should be performed to identify risks posed to critical interdependent systems and interconnected services, with appropriately defined recovery time and recovery point objectives. Smart cities should also have secure data receivers and data storage to collect and store data generated from the ICS and ITS components for analysis, decision making, and incident response management. The stored data should be periodically backed up. As a precautionary measure, data flow from control systems can be channelized using data diodes to prevent data contamination.

Smart city councils should devise a component protection strategy to identify critical components of interdependent systems for agile risk analysis. A preliminary system interdependency analysis should be conducted to understand the requirements for information continuity at system interfaces, and to identify the critical components that enable the flow of vital information. This should be followed by a probabilistic interdependency analysis to manage the risks of high fidelity interdependent systems like smart grid, smart health monitoring systems for senior citizens and critical patients, and so on. This analysis can be helpful in enhancing the resilience of critical systems in a smart city.

The CPNI Good Practice Guide for Process Control and SCADA Security [3] can be used by city councils to ensure security and trustworthiness of the interdependent systems. It provides a framework based on industry best practices for process control and IT security. The framework focuses on seven key themes:

1) Understanding business risks
2) Implementing secure architecture
3) Establishing response capabilities
4) Improving awareness and skills
5) Managing third party risks
6) Engaging projects for security measures in service design
7) Establishing ongoing governance

Ensuring citizen compliance

Citizens of smart cities are bound to play a crucial role in ensuring the security of interdependent systems from cyber as well as physical security perspectives. Citizens with smart devices are critical points in the cyber system framework, and can be targeted by attackers and hackers to gain entry into the system. This can be done through social engineering, spam emails, data streaming, and other malicious methods. To prevent this, smart city councils should develop policies and procedures for establishment, maintenance, and operation of secure smart services. Cyber-awareness programs should be made mandatory for citizens, and penalties levied for non-compliance.

Making Smart Cities Safe with Effective Risk Management

Understanding and evaluating risks in smart city systems requires a pragmatic approach to cyber risk management due to the high level of interconnectedness of smart services and the rapidly evolving nature of constituent systems. With smart cities projected to grow rapidly over the next few years, there is a clear need for smart city councils to focus on mitigating security concerns. Incorporating risk mitigation and developing strong security strategies in the initial planning and service design stages will enable smart city councils to provide safe, secure, and reliable services to their citizens.

[2] ISO, 2012. ISO 22301:2012, http://www.iso.org/iso/catalogue_detail?csnumber=50038, accessed November 2015
[3] Good Practice Guide Process Control and SCADA Security, http://www.cpni.gov.uk/documents/publications/2008/2008031-gpg_scada_security_good_practice.pdf, accessed November 2015

About TCS IT Infrastructure Services Unit

Leading organizations across industries work with TCS to realize their business transformation and innovation objectives by enhancing the availability, performance and agility of their IT infrastructure. Leveraging a combination of the cloud, new generation delivery models such as IaaS, PaaS, and SaaS, virtualization, and managed services, our offerings deliver the secure, flexible, and reliable IT infrastructure needed to power critical business applications, services and data.

TCS infrastructure offerings encompass data center services, end-user computing (EUC), mobility services, cloud services and transformational solutions, converged network services, managed security services, application management services, enterprise systems management, IT service desk, and IT service management.

Backed by our Assess-Build-Manage-Transform framework, extensive partner ecosystem, tools and automation frameworks, and technology Centers of Excellence (CoEs), analytics-led approach, to understand the 'as-is' state, and arrive at the 'to-be' state. As a result, you seamlessly transition from traditional infrastructure management services towards new generation delivery.

Contact

For more information about TCS IT Infrastructure Services, visit: http://www.tcs.com/offerings/it_infrastructure/pages/default.aspx
Email: itis.presales@tcs.com

Subscribe to TCS White Papers

TCS.com RSS: http://www.tcs.com/rss_feeds/pages/feed.aspx?f=w
Feedburner: http://feeds2.feedburner.com/tcswhitepapers

About Tata Consultancy Services (TCS)

Tata Consultancy Services is an IT services, consulting and business solutions organization that delivers real results to global business, ensuring a level of certainty no other firm can match. TCS offers a consulting-led, integrated portfolio of IT and IT-enabled infrastructure, engineering and assurance services. This is delivered through its unique Global Network Delivery Model, recognized as the benchmark of excellence in software development. A part of the Tata Group, India's largest industrial conglomerate, TCS has a global footprint and is listed on the National Stock Exchange and Bombay Stock Exchange in India.

For more information, visit us at www.tcs.com

All content / information present here is the exclusive property of Tata Consultancy Services Limited (TCS). The content / information contained here is correct at the time of publishing. No material from here may be copied, modified, reproduced, republished, uploaded, transmitted, posted or distributed in any form without prior written permission from TCS. Unauthorized use of the content / information appearing here may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties.

Copyright 2015 Tata Consultancy Services Limited