Security Controls, Smart City Cyber Security

Cities, critical infrastructure and maturity

Whilst technically a City is not deemed Critical National Infrastructure there are or soon will be good reasons to consider capitals and major cities as something critical to the safety, welfare and economy of a country.

Consider the UK government’s official definition of CNI:

‘Those critical elements of infrastructure (namely assets, facilities, systems, networks or processes and the essential workers that operate and facilitate them), the loss or compromise of which could result in:

a)    Major detrimental impact on the availability, integrity or delivery of essential services – including those services whose integrity, if compromised, could result in significant loss of life or casualties – taking into account significant economic or social impacts; and/or

b)    Significant impact on national security, national defence, or the functioning of the state.

As cities today transform themselves into Smart Cities, in the coming years, citizens and services will become ever more dependent upon the smart technology that administers, manages and delivers critical services. As such the current definition of critical infrastructure applies to the concept of a city as a whole and certainly that of a capital or cities with a very large population.

So the cyber security maturity of a smart city needs to consider the learning and best practice from current CNI organisations and one, in particular, is the guidance developed in the USA called C2M2 – Cybersecurity Capability Maturity Model.

The model looks at 10 domains of cybersecurity:

  • Risk management
  • Asset, change, and configuration management
  • Identity and access management
  • Threat and vulnerability management
  • Situational awareness
  • Information sharing and communications
  • Event and incident response, continuity of operations
  • Supply chain and external dependencies management
  • Workforce management
  • Cybersecurity program management

The Department of Energy (DOE) developed the Cybersecurity Capability Maturity Model (C2M2) from the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Version 1.0 by removing sector-specific references and terminology. The ES-C2M2 was developed in support of a White House initiative led by the DOE, in partnership with the Department of Homeland Security (DHS), and in collaboration with private- and public-sector experts. [Department of Energy (DOE)]

Further Considerations

Resources
I plan to explore the lessons and applicability of C2M2 in further research into Smart City Cyber Maturity.

Unknown's avatar

Published by Tolosa

Cyber Security Consultant and Enterprise Architect with an interest in semantic systems for security, strategy and architectural development.

Leave a comment