The investment into a smart city cyber security strategy will be considerable, in both monetary and resource effort, so it is very important to define the variety of strategic context for senior stakeholders and those involved in operations. Assumptions are often too easily made on the basis that the reasons, goals and objectives are fully understood by all involved in the strategy. “Isn’t it obvious” is a phrase often used to describe a strategic requirement and in turn, it is regularly met by a general agreement, often from those who don’t fully understand and are too shy to question.
Strategic context requires as much breadth and depth as needed to ensure that the meaning and reasoning is clear and supported by sufficient evidence. This is where the use of standards and best practice are very important in supporting strategic context by breaking the context down into a framework that is divided into sections and sub-sections and with a clear course of action.
There are several important areas of the context within a smart city cyber security strategy but there is one, in particular, that has to be understood and designed to continually evolve and adapt to City growth and changes and that is knowledge management. Cyber security operations collect data and transform it into usable information and then finally into knowledge to support processes, decisions and actions. Data are just objective facts, generated specifically e.g. from a sensor, or as a byproduct e.g. events and logs. Data becomes useful information when it becomes analysed and categorised and placed in context and thus becomes relevant and has a purpose. Information becomes knowledge – as per cyber security operations – when it is used to assess consequences (Triage and Incident Management), establish patterns or connections and as evidence in reporting and decision making.
A good example of cyber security in the wider context of a Smart City strategy can be found within the City of Sydney, Australia, Smart City Framework and the PDF report – Smart City Strategic Framework in alignment with ISO 37106:2018. To quote from the publication:
Strategic Outcome 3: Priority One: Data-driven monitoring, prediction and management of city conditions and impacts of shocks and stresses.
Due to the significant value of data, the City sees cyber resilience as a foundational component for overall resilience. Consequently, the City has adopted a ‘security by design’ approach to its smart transformation, embedding security measures and protocols across its digital infrastructure from the beginning in order to protect long-term integrity.
Smart City Cyber Security 