23.9.2015. Kangas Cybersecurity strategy



Kangas Cybersecurity strategy

Vision of Kangas
Smart Kangas
- Life and living at Kangas is convenient, easy and safe.
- Kangas is resource-wise and it is an attractive place of work.
- Security and safety measures are in balance with emerging security threats caused by technological development and increasing collaboration.

Cybersecurity strategies and legislation

Foundations of cybersecurity at Kangas
- Open
- Smart
- Experimental

Cybersecurity governance
- Governance is a must in an evolving security environment
- Key topics of governance
  - Who decides and is responsible?
  - Who will participate?
  - How do we operate?
  - Where do we get resources?
  - How is resilience created?
- The City of Jyväskylä is responsible for creating the governance model; no one else will do it

Risk-based action plans
- A holistic perspective shall be used in risk management
- Risk evaluation shall consider the Kangas area as a whole
- All relevant stakeholders shall participate in risk management and implementation of controls
- It is essential that both domain experts and cyber security experts participate in risk management
- Risk evaluation shall be repeated at regular intervals or when major changes occur

Contractual liabilities
- Currently cyber security is ignored in calls for tenders and contracts
- One major obstacle is the lack of competence in acquisition organizations
- Cyber security as part of acquisitions
  1. Define security goals
  2. Define cybersecurity requirements
  3. Evaluate criteria for security requirements
  4. Written security requirements and SLAs in contracts
  5. Verification and validation of the cyber security requirements as part of acceptance testing
  6. Continuous security monitoring and reporting

Topics covered in the strategy
- Infrastructure
  - Optical regional area network
  - Networking local critical services
  - Building automation and cabling
  - Wireless networks: Wi-Fi and mobile
  - Secure business premises
  - Physical access control
  - Area portal
  - Infrastructure service and maintenance
- Living and services
  - Policies affecting residents
  - Service business
- Security management
  - Governance
  - Contract management
  - Privacy
  - Authentication and access control
  - Authorization and consent management
  - Validation and verification
  - Security updates and patch process
- R&D
  - Living lab
  - Open data

Networks
- The regional optical network shall be fault tolerant
- Critical network premises shall be protected with appropriate security controls
- The possibility to add cabling later must be considered in all buildings
- Building automation networks shall be separated
- Building automation shall be protected using central access control; direct access from the internet is prevented
- Radio network coverage must be considered in low-energy buildings

Electronic locking and access control
- Significant innovation enabler
- Lower life-cycle costs
- Rental and senior houses
- Office premises
- Increased convenience
- One Kangas, multiple spaces, one key
- Integration to the local IAM is required
- Single Kangas identity over all services
- Easy deployment of new services
- Technology shall evolve
- How to ensure cooperation of different technologies

Area portal
- Primary collaboration and communication platform
- Integration to local IAM enables efficient access control
- IAM integration is needed to fulfill the vision of Kangas
- One access point for information and services
- E-services
- Information sharing
- Crowdsourcing
- A secure area needs a secure portal

Living Lab
- Kangas is a modern and interesting area for research and innovation
- Infrastructure and community supporting experiments
- New technology provides ways to collect more information easily
- Living Lab data should be managed centrally, ensuring privacy and security
- Use of Living Lab data should be easy and straightforward
- Approved contract models available in portal
- Privacy must be guaranteed

Living Lab challenges

Resident perspective
- Right to privacy and net neutrality
- The resident is responsible for device security inside the apartment
- Services of Kangas must be trustworthy
- Availability of information is important
- Communication using portal
- Information sharing events
- Training

Resourcing
- Cyber security requires resources both during construction and use
- Residents are not willing to pay extra for cyber security
- Fulfilling the cyber security promise needs city involvement
- Cyber security should be a part of normal operative resourcing, not separate

Implementation phases
[Timeline figure: 2015, 2016, 2017, 2018 ... 2025, 2026 ... 2040]
- Common security requirements
- IAM & portal
- Governance
- Requirements for construction
- Maintenance
- Other cyber security tasks based on criticality

Thank you!