Introduction to a series of posts and resources I plan to put together to outline the key aspects of a Cyber Security Framework for a Smart City strategy.
Having recently acted as an Advisor to a new Innovate UK research project, I thought I would use and adapt, for Smart City Cyber Security, some of the recommendations for the problems I was addressing. The problems I was looking at were focused on the development of cyber security solutions and services for vehicles and transport systems. The scope included the vehicles, infrastructure and organisations, as well as the aspects of operating, managing and using transport both privately and commercially. It is all becoming increasingly interconnected and as such needs to be secure and monitored at a local level and even more so at the national level.
Part of the problem was how to define an effective means to design and build cyber security solutions and services in a controlled fashion where multiple parties take on particular roles and responsibilities. The parties range from commercial organisations and Universities to Local and National Government agencies, and the scope of monitoring covers a huge number of assets in a variety of environments. It is this that made me think of the similarities with Smart Cities: a huge number of assets and complex environments.
Just recently I was with a client who was very concerned about the year-on-year rise in data volumes and demands from the business to secure new services and projects faster than ever across their global operations. After that meeting I put together the diagram below as a way of representing all of the different things and aspects that need to be considered, both as a way of understanding the scope and of seeing what can be used or adapted. Best practice and standards will form the majority of guidance, in conjunction with what is new and more changeable, such as legislation, threat landscape and asset types. There is also a dependency on levels of maturity to cope with the change and legacy transition, as well as to deal with things that are new. It will be very easy for the scale and complexity to overwhelm, and I have seen a lot of this in the past.

Whilst there seems to be a lot to consider, it is made easier by applying existing methodologies and frameworks rather than reinventing the process. This does not mean that every part of a method or framework needs to be applied. It is there for reference, and the role of the designer is to decide what is useful to use and what is not. There is one particular area, which I am covering in a separate part to this blog, that requires particular attention: Classification and Categorisation underpinned by Knowledge Management. As AI and ML become more mature in their role in cyber security, they will become even more effective when supported by definition and meaning, as derived from Classification and Categorisation.