Cybersecurity and Privacy
Team Members:
Department of Homeland Security
Global Cyber Alliance
ISC2 Silicon Valley Chapter
San Mateo County
SF Bay ISSA
Smart Connections Consulting
The Sorter Group
Blueprint: Cybersecurity and Privacy
This set of 15 projects is managed by the Cybersecurity and Privacy Advisory Committee (CPAC), a public-private partnership dedicated to building cybersecurity and privacy best practices and considerations into Smart Secure Cities and Communities.
Smart Secure Cities and Communities unleash tremendous potential built on the power of data and technology. With great power comes great responsibility. When these systems are well designed and executed, municipalities and citizens will harvest marvelous benefits such as less traffic congestion, faster emergency services, and safer environments. When they are inadequately designed and executed, however, municipalities and citizens may subject themselves to undesirable consequences such as loss of privacy, data breaches, financial loss, and disruption to their work and even their lives.
Formed in March 2018, CPAC consists of cybersecurity and privacy professionals and practitioners from governments, nonprofits and private businesses. CPAC achieves its goal by 1) helping SuperClusters build cybersecurity and privacy best practices and considerations into their blueprints; and 2) providing one-size-does-not-fit-all methodologies that enable SuperClusters and municipalities to comply with the laws and standards pertinent to them. To ensure timely, tailored and consistent support, CPAC embeds champions in SuperClusters' leadership teams and invites SuperClusters' leaders into CPAC leadership to guide its direction and priorities. Membership is open to all communities, private sector enterprises, non-governmental organizations, and government agencies (at all levels).
Advanced Flood Warning and Environmental Awareness
AFWEAR is a real-time network of environmental sensors, including rain and precipitation sensors, that will be located throughout the city of Rohnert Park, a city at the base of Sonoma Mountain in Sonoma County, CA, located 50 miles north of San Francisco with a population of 40,000. The purpose of the system will be the following:
Building Human Centered Smart City
Citizen App, the first of its kind, empowers individuals to claim and legally own their data from across multiple sources, then use it securely and seamlessly in everyday life.
CryptoMove San Leandro Smart Lights Project
Create a reference architecture for Smart Lights and Sensors by deploying CryptoMove Moving Target Data Protection, which renders data onto a constantly shifting and mutating defensive fabric, thereby greatly decreasing the likelihood of exfiltration of sensitive data and, likewise, the probability of ransomware.
Cybersecurity Risk Assessment and Mitigation
Empower municipalities with a cybersecurity risk assessment methodology and resources to enable timely understanding of their risk levels and appropriate mitigation against cyber risks.
The risk assessment methodology is adapted from the NIST Cybersecurity Framework, with a Technical Risk Rating component and an Expert Assessment. The daunting resource shortage is addressed by a unique volunteer matching mechanism based on public-private partnerships.
Deployment of user-friendly, secure and sustainable federated public Wi-Fi systems
To deploy a sustainable federated public Wi-Fi solution across Singapore that has easy-to-use, secure authenticated access, and to jointly develop a set of best practices with cities, industry players, and academia to promote coordinated public Wi-Fi deployment, address signal interference issues, and standardize user experience and security.
Family CARE - Caregiver 2.0
Presence Caregiver learns daily activity patterns and can warn caregivers, family members and friends about incidents of concern with text alerts of potential hazards including falls, water leaks and wandering.
IoT Device Security for Smart Cities
Managing Cybersecurity and Privacy Risk for Smart Public Safety IoT Devices and Systems
This use case provides a notional approach to address cybersecurity and privacy risks related to incorporating IoT in smart public safety applications. This use case posits some of the major activities, key stakeholders, and potential resources for each step of the cybersecurity and privacy risk management process.
Risk Assessment and Prioritization in the Smart City Cyber Resilience Planning Process
This use case summarizes an engagement between a GCTC Action Cluster member, Adaptable Security Corp (ADA), and a California municipality, focusing on how the risk management process, with a particular focus on risk assessment and prioritization, played a critical role in the overall cyber resilience planning process. The content covered in this use case primarily aligns with the Prepare, Select, Assess, and Monitor steps of the RMF.
Risk Assessment in the County of San Mateo, California
This use case describes how risk assessment has been implemented in the County of San Mateo, California, and identifies activities that align most closely with the Step 0: Prepare and Step 6: Monitor steps of the risk management process. However, the assessment process and the outputs from the assessment also involve elements from and inform all of the other risk management steps (i.e., Step 1: Categorize, Step 2: Select, Step 3: Implement, Step 4: Assess, Step 5: Authorize). Refer to Appendix B of this Guidebook for an example of the risk assessment questionnaire and its application.
Risk Management in a Privacy-Specific Context
This use case describes how the risk management concepts and processes presented in this Guidebook apply in privacy-specific applications. Given the overlapping relationship of cybersecurity and privacy, much of the information in this use case may sound similar to, or even identical to, aspects of cybersecurity risk management. This reinforces the notion that cybersecurity and privacy are closely related and should generally be considered in tandem.
Secure Cloud Architecture SC3-cpSriA
Smart cities run largely on cloud services for efficiency and affordability reasons. Residents, government agencies, and small and medium businesses can benefit from an Architecture or Framework for privacy and rights-inclusive security practices across smart city and community cloud services. First, the City of Syracuse, New York, USA, in cooperation with Syracuse University and the SC3-cpSriA Action Cluster (Smart City and Community Challenge Cloud privacy security rights inclusive Architecture), considers how the Architecture guidelines may apply. The SC3-cpSriA Action Cluster welcomes new members to broaden the debate. First, smart streetlight networks, catch basin monitoring, and water metering projects may consider if and how security, privacy, data protection and rights-inclusive cloud architecture guidelines may be followed. The ethics for facial recognition, machine learning and artificial intelligence systems and cloud services in future smart cities with privacy, security and rights-inclusive architecture will also be reviewed. Can architecture guidelines help protect citizens' rights and encourage growth of smart city open data lakes, encouraging civic engagement and data privacy, security and rights-inclusive innovation, entrepreneurship and economic development?
Smart Wide Area Protection and Security for All from Concorde Security
Concorde provides Wide Area Protection for a Cluster of buildings from a mobile surveillance vehicle (called I-Man Facility Sprinter or “IFS”) manned by a 2-3 man specialist team.
Tampa Hillsborough Expressway Authority (THEA) Connected Vehicle (CV) Pilot Security Management Operating Concept (SMOC)
Development of a Security Management Operating Concept (SMOC) for phase I of the Tampa Hillsborough Expressway Authority (THEA) Connected Vehicle (CV) Pilot Deployment Program. This focuses on how the THEA team developed an approach to the SMOC (i.e., Prepare); categorized information flows and systems (i.e., Categorize); and selected security controls to establish draft, minimum security control baselines (i.e., Select). The resulting SMOC is largely based on the NIST RMF and provides guidance for ensuring “the privacy of pilot participants and the overall security of the Vehicle-to-Everything (V2X) system for the THEA CV Pilot.”
Making data and identity security easy to use and private is our mission. We sweat every detail to ensure the best experience possible while maintaining the highest level of security. Tozny’s solution allows us to take that security to the next level, and ensures that our client’s most sensitive data is as protected as possible.