Kangas Cybersecurity strategy
Vision of Kangas
Smart Kangas
Life and living at Kangas is convenient, easy and safe. Kangas is resource-wise and it is an attractive place of work. Security and safety measures are in balance with emerging security threats caused by technological development and increasing collaboration.
Cybersecurity strategies and legislation
Foundations of the cybersecurity at Kangas
- Open
- Smart
- Experimental
Cybersecurity governance
- Governance is a must in an evolving security environment
- Key topics of governance
  - Who decides and is responsible?
  - Who will participate?
  - How do we operate?
  - Where do we get resources?
  - How is resilience created?
- The City of Jyväskylä is responsible for creating the governance model; no one else will do it
Risk-based action plans
- A holistic perspective shall be used in risk management
- Risk evaluation shall be made considering the area of Kangas as a whole
- All relevant stakeholders shall participate in risk management and implementation of controls
- It is essential that both domain experts and cyber security experts participate in risk management
- Risk evaluation shall be repeated at regular intervals or when major changes occur
Contractual liabilities
- Currently cyber security is ignored in calls for tenders and contracts
- One major obstacle is the lack of competence in acquisition organizations
- Cyber security as part of acquisitions
  1. Define security goals
  2. Define cybersecurity requirements
  3. Evaluate criteria for security requirements
  4. Written security requirements and SLAs in contracts
  5. Verification and validation of the cyber security requirements as part of acceptance testing
  6. Continuous security monitoring and reporting
Topics covered in the strategy
- Infrastructure
  - Optical regional area network
  - Networking local critical services
  - Building automation and cabling
  - Wireless networks; Wi-Fi and mobile
  - Secure business premises
  - Physical access control
  - Area portal
  - Infrastructure service and maintenance
- Living and services
  - Policies affecting residents
  - Service business
- Security management
  - Governance
  - Contract management
  - Privacy
  - Authentication and access control
  - Authorization and consent management
  - Validation and verification
  - Security updates and patch process
- R&D
  - Living lab
  - Open data
Networks
- The regional optical network shall be fault tolerant
- Critical network premises shall be protected with appropriate security controls
- The possibility to add cabling later must be considered in all buildings
- Building automation networks shall be separated
- Building automation shall be protected using central access control; direct access from the internet is prevented
- Radio network coverage must be considered in low-energy buildings
- Significant innovation enabler
- Lower life-cycle costs
- Rental and senior houses
- Office premises
- Increased convenience
- Electronic locking and access control
- One Kangas, multiple spaces, one key
- Integration to the local IAM is required
- Single Kangas identity over all services
- Easy deployment of new services
- Technology shall evolve
- How to ensure cooperation of different technologies
Area portal
- Primary collaboration and communication platform
- Integration to local IAM enables efficient access control
- IAM integration is needed to fulfill the vision of Kangas
- One access point for information and services
- E-services
- Information sharing
- Crowdsourcing
- A secure area needs a secure portal
Living Lab
- Kangas is a modern and interesting area for research and innovation
- Infrastructure and community supporting experiments
- New technology provides ways to collect more information easily
- Living Lab data should be managed centrally, ensuring privacy and security
- Use of Living Lab data should be easy and straightforward
- Approved contract models available in the portal
- Privacy must be guaranteed
Living Lab challenges
Resident perspective
- Right to privacy and net neutrality
- The resident is responsible for device security inside the apartment
- Services of Kangas must be trustworthy
- Availability of information is important
- Communication using the portal
- Information sharing events
- Training
Resourcing
- Cyber security requires resources both during construction and use
- Residents are not willing to pay extra for cyber security
- Fulfilling the cyber security promise needs city involvement
- Cyber security should be a part of normal operative resourcing, not separate
Implementation phases
[Timeline figure; axis: 2015, 2016, 2017, 2018, ..., 2025, 2026, ..., 2040]
- Common security requirements
- IAM & portal
- Governance
- Requirements for construction
- Maintenance
- Other cyber security tasks based on criticality
Thank you!