I am going to use the Cisco SAFE security reference architecture as a complimentary method to NIST CSF to help explain how these methods can be used to support a Smart City Cyber Security Strategy. SAFE is further expanded through its identification of threat types and mapping to MITRE ATT&CK. In particular i will focus on how SAFE uses the Business Flow model to define the roles, technologies, capabilities and domains across an end to end view of connectivity. The examples of this can be found in this overview guide.
The SAFE method organises security by using two core concepts: Places in the Network (PINs) and Secure Domains. These concepts should relate to Smart Cities but i have adjusted two to make a better association.
PINs reference examples of locations that are found in networks and the infrastructure needed to create them:
- Data center
- Branch (Sub-organisation connected to City or City Administration)
- Campus (City Administration)
- WAN
- Internet edge
- Cloud
Secure Domains are operational areas used to protect these locations. They are security concepts that traverse an entire network:
- Management
- Security intelligence
- Compliance
- Segmentation
- Threat defence
- Secure services
Access to the Cisco SAFE documentation and guides can be found through:-
Smart City Cyber Security 