Deploying smart city infrastructure unleashes unprecedented value for city officials while positively impacting the lives of citizens. But, like anything of municipal value, smart city infrastructure can be a target for cyber and physical attacks. Whether these potential attacks are vandalism or hardware or data theft to facilitate a breach of third-party systems, cities can experience peace of mind if they implement our CityIQ™ multi-layered approach to security.
Innovated and built from the ground up for heavily regulated domains, CityIQ leverages open-source technologies and standards – which is advantageous for our robust ecosystem of over seventy partners. As the security benefits of CityIQ help strike a balance between cost of implementation and the total costs of a breach, our platform allows customers to deploy industrial-grade cyber security to address three pillars: edge, connectivity and cloud.
Edge security focuses on protecting local data and securing access to the larger system. First, ensure every CityIQ node within your smart city has a unique, trackable identity and can be remotely authenticated using the device’s unique certificates stored within its Trusted Platform Module. Second, authenticate every removable module by using a reverse-engineering-resistant crypto-chip carrying the module identity. These efforts, along with the secure boot sequence, allow smart cities to build a tree of trust expanding from the semiconductor components to the encrypted file system. This method ensures the information stored on the node is protected and the effects are limited to the loss of that single node – even if the perpetrator possesses the node. As a final precaution, prior to node update deployment, ensure continuity of security by signing and verifying software patches.
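The chain of trust described above can be sketched in a few lines. This is an added example, not CityIQ code: the stage names and contents are hypothetical, and plain SHA-256 digests stand in for the signature checks a production secure boot performs, with a TPM-style extend recording what actually booted.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output size in bytes


def build_chain(payloads):
    """Link stages back to front: image = payload || SHA-256(next image).

    Returns (images, anchor); the anchor is the digest of the first stage,
    i.e. the value an immutable hardware root of trust would hold.
    """
    images, next_digest = [], b""
    for name, payload in reversed(payloads):
        image = payload + next_digest
        images.append((name, image))
        next_digest = hashlib.sha256(image).digest()
    images.reverse()
    return images, next_digest


def boot(images, anchor):
    """Verify each stage before running it; halt at the first mismatch.

    Returns (ok, failed_stage, pcr). pcr follows the TPM extend rule
    new = SHA-256(old || measurement), so it records exactly what booted.
    """
    expected, pcr = anchor, bytes(DIGEST_LEN)
    for name, image in images:
        measured = hashlib.sha256(image).digest()
        if not hmac.compare_digest(measured, expected):
            return False, name, pcr  # untrusted stage is never executed
        pcr = hashlib.sha256(pcr + measured).digest()
        expected = image[-DIGEST_LEN:]  # next digest, vouched for by this stage
    return True, None, pcr


# Constructed sample stages (names and contents are illustrative only).
STAGES = [("bootloader", b"BL-v1"), ("kernel", b"KRN-v1"),
          ("rootfs", b"FS-v1"), ("app", b"APP-v1")]

if __name__ == "__main__":
    images, anchor = build_chain(STAGES)
    print("clean boot:", boot(images, anchor)[:2])
    images[2] = ("rootfs", b"FS-evil" + images[2][1][-DIGEST_LEN:])
    print("tampered rootfs:", boot(images, anchor)[:2])
```

Because each stage vouches for the next, a change anywhere in the chain is caught by the stage before it, and rebuilding the whole chain around a modified stage fails at the first check against the hardware-held anchor.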
The connectivity pillar is the subject of a dual concern – security of the transmitted data and prevention of leveraging its infrastructure to mount an attack on third-party systems. When addressing these concerns, learn and embrace the best practices developed by the GE Cyber Security team. One of the best practices should be to use the encrypted, two-way Transport Layer Security (TLS) protocol and transmit only via secure tunnels with source and destination inspection at the interface points.
Built on top of GE’s Predix cloud, CityIQ security is embedded at every level of the cloud stack, meeting over sixty compliance standards and contractual clauses related to data, including export control, HIPAA, FedRAMP, and others. Additionally, 24/7/365 monitoring of CityIQ’s cloud infrastructure, apps and APIs allows for constant recommendations and hardening by our “red teams” who work to find vulnerabilities before potential attackers do. By assigning separate data persistence instances, CityIQ further ensures segmentation of data access. Lastly, when using an open yet secure platform, leverage Predix's Open Authentication (OAuth2) standard to manage users and OAuth2 clients accessing CityIQ APIs.
Only when security needs for each pillar – edge, connectivity, and cloud – are properly implemented can you achieve effective and persistent security for your evolving intelligent city.
Amine Chigani, Chief Architect, Current, powered by GE, has expertise in IoT architectures, agile development, and systems thinking that drive product quality, reduce technology/mission risk, and deliver customer value. Connect with Amine on LinkedIn.
Gleb Geguine, Chief Engineer at Current, powered by GE, has 25 years of experience bringing emerging technology platforms from concepts to product level in high-performance industrial domains. Connect with Gleb on LinkedIn.