Page 453 - Shaping smarter and more sustainable cities - Striving for sustainable development goals
P. 453
SSC information security technical protection
The core protection mechanism for SSC functions through a comprehensive security system that
should be established in four directions, namely physical and environmental security, system
security, network security, and data and application security on a technical level.
Physical and environment security contains several aspects of environment security,
equipment security, as well as disaster recovery and prevention.
System security includes three main aspects: anti‐virus technology, host security
reinforcement, and operating system security.
Network security involves gateway anti‐virus, firewall, and intrusion detection.
Data and applications security includes database encryption and database backup
technologies, among others.
SSC security of applications
Within SSC environment, the security of various applications should be based on the information
security mechanism that relies not only on technical protection security, but also on security
management, security operation and maintenance aspects.
8 Cybersecurity and a SSC governance framework
Traditional mechanisms to organize and coordinate efforts among city stakeholders may prove
insufficient to achieve the goals of smart sustainable cities, and ultimately ensure a better quality
of life to city dwellers, businesses and visitors facing the effects of increasing threats.
The need for interoperability of different smart systems and data sets generates the need for a
unified approach to governance, to ICTs, and in particular, to cybersecurity and data protection
mechanisms.
SSC stakeholders are faced by the need to ensure that the ICT approach and the related cyber‐
protection mechanisms are interwoven with the overall development strategy of the city. Chief
Information Officers (CIOs) are becoming increasingly involved in devising these strategies, in
collaboration with policy and decision‐makers.
Each stakeholder, including system administrators, will have to consider the wider implications of
security incidents, regardless of their nature. This involves considering how the recovering process
could impact upon other components of the cities' services and operations.
Similarly, any subsequent adjustment aimed at addressing new system vulnerabilities will have to
take into account the implications of those measures on any related system, both in terms of
interoperability and cybersecurity.
A centralized governance body for SSC could utilize a central virtual dashboard, comprising the ICT
operational center, to run the services provided by SSC and provide ongoing assessment and timely
response to varying incidents and needs. With the reliability of SSC services at stake, absolute
continuity, reliability and safety must be guaranteed.
Any threat to the security of the system and its information can be detected, analysed and dealt
with using threat intelligence services. The deployed ICT should be able to obtain reliable threat and
vulnerability intelligence, and consequently dynamically adjust its security stance. In the case of
incidents, these need to be promptly and effectively managed by specialist operators and incident
ITU‐T's Technical Reports and Specifications 443
