Cybersecurity and Privacy

From OpenCommons

Team Members

  • Department of Homeland Security
  • Cybertrust America
  • Evo Monitors
  • EP3 Foundation
  • Global Cyber Alliance
  • ISC2 Silicon Valley Chapter
  • San Mateo County
  • SF Bay ISSA
  • Sightlinesec
  • Smart Connections Consulting
  • The Sorter Group
  • SRI International

Blueprint: Cybersecurity and Privacy

This set of 15 projects is managed by the Cybersecurity and Privacy Advisory Committee (CPAC), a public-private partnership dedicated to building cybersecurity and privacy best practices and considerations into Smart Secure Cities and Communities.

Smart Secure Cities and Communities unleash tremendous potential built on the power of data and technology. With great power comes great responsibility. When these systems are well designed and executed, municipalities and citizens will harvest marvelous benefits such as less traffic congestion, faster emergency services, and safer environments. When they are inadequately designed and executed, however, municipalities and citizens may subject themselves to undesirable consequences such as loss of privacy, data breaches, financial loss, and disruption to their work and even their lives.

Formed in March 2018, CPAC consists of cybersecurity and privacy professionals and practitioners from governments, nonprofits and private businesses. CPAC achieves its goal by 1) helping SuperClusters build cybersecurity and privacy best practices and considerations into their blueprints; 2) providing one-size-does-not-fit-all methodologies to enable SuperClusters and municipalities to comply with laws and standards pertinent to them. To ensure timely, tailored and consistent support, CPAC embeds champions in SuperClusters' leadership teams and invites SuperClusters' leaders into CPAC leadership to guide its direction and priorities. Membership is open to all communities, private sector enterprises, non-governmental organizations, and government agencies (at all levels).

Chair(s)

  • Scott Tousley
    Chief Development Officer at Inca Digital
    Washington, DC United States
  • Lan Jenson
    Chief Executive Officer at Cybertrust America
    San Francisco CA United States


Activities

Advanced Flood Warning and Environmental Awareness
AFWEAR is a real-time network of environmental sensors, including rain and precipitation sensors, that will be located throughout the city of Rohnert Park, a city of 40,000 people at the base of Sonoma Mountain in Sonoma County, CA, 50 miles north of San Francisco. The purpose of the system will be the following:
  • Improve flood response time and efficiency throughout the city.
  • Link rainfall observations in the upper watershed (on the hill) and coasts to predictions of stream flow in the city.
  • Provide ability to incorporate various environmental sensors, watershed models (assessment tools to plan and manage watersheds), and user-friendly communication tools into the network to allow for rapid understanding and collaboration between scientists, citizens, and city planners as necessary in response to environmental “events”.
Building Human Centered Smart City
To deliver:
  • BiiMe as the Digital ID to leverage with DLT
  • Global roaming service based on the DID
  • Increase the Data Liquidity, Data Integrity & Data privacy
Citizen App
Citizen App, the first of its kind, empowers individuals to claim and legally own their data from across multiple sources, then use it securely and seamlessly in everyday life.
CryptoMove San Leandro Smart Lights Project
Create a reference architecture for Smart Lights and Sensors via deployment of CryptoMove Moving Target Data Protection, which renders data onto a constantly shifting and mutating defensive fabric, thereby greatly decreasing the likelihood of exfiltration of sensitive data and, likewise, the probability of ransomware.
Cybersecurity Risk Assessment and Mitigation
Empower municipalities with a cybersecurity risk assessment methodology and resources to enable timely understanding of their risk levels and appropriate mitigation against cyber risks.

The risk assessment methodology is adapted from the NIST Cybersecurity Framework, with a Technical Risk Rating component and an Expert Assessment. The daunting resource shortage is addressed by a unique volunteer matching mechanism based on public-private partnerships.

Deployment of user-friendly, secure and sustainable federated public Wi-Fi systems
To deploy a sustainable federated public Wi-Fi solution across Singapore that has easy-to-use, secure authenticated access, and to jointly develop a set of best practices with cities, industry players, and academia to promote coordinated public Wi-Fi deployment, address signal interference issues, and standardize user experience and security.
Family CARE - Caregiver 2.0
Presence Caregiver learns daily activity patterns and can warn caregivers, family members and friends about incidents of concern with text alerts of potential hazards including falls, water leaks and wandering.
IoT Device Security for Smart Cities
Objectives
  • Use of PKI to mutually-authenticate IoT devices to networks & gateways
  • Secure provisioning, registration and production PKI certificates
  • Life-Cycle Management of IoT Device certificates
Managing Cybersecurity and Privacy Risk for Smart Public Safety IoT Devices and Systems
This use case provides a notional approach to address cybersecurity and privacy risks related to incorporating IoT in smart public safety applications. This use case posits some of the major activities, key stakeholders, and potential resources for each step of the cybersecurity and privacy risk management process.
Risk Assessment and Prioritization in the Smart City Cyber Resilience Planning Process
This use case summarizes an engagement between a GCTC Action Cluster member, Adaptable Security Corp (ADA), and a California municipality, focusing on how the risk management process, with a particular focus on risk assessment and prioritization, played a critical role in the overall cyber resilience planning process. The content covered in this use case primarily aligns with the Prepare, Select, Assess, and Monitor steps of the RMF.
Risk Assessment in the County of San Mateo, California
This use case describes how risk assessment has been implemented in the County of San Mateo, California, and identifies activities that align most closely with the Step 0: Prepare and Step 6: Monitor steps of the risk management process. However, the assessment process and the outputs from the assessment also involve elements from and inform all of the other risk management steps (i.e., Step 1: Categorize, Step 2: Select, Step 3: Implement, Step 4: Assess, Step 5: Authorize). Refer to Appendix B of this Guidebook for an example of the risk assessment questionnaire and its application.
Risk Management in a Privacy-Specific Context
This use case describes how the risk management concepts and processes presented in this Guidebook apply in privacy-specific applications. Given the overlapping relationship of cybersecurity and privacy, much of the information in this use case may sound similar to, or even identical to, aspects of cybersecurity risk management. This reinforces the notion that cybersecurity and privacy are closely related and should generally be considered in tandem.
Secure Cloud Architecture SC3-cpSriA
Smart cities run largely on cloud services for efficiency and affordability reasons. Residents, government agencies, and small and medium businesses can benefit from an Architecture or Framework for privacy and rights-inclusive security practices across smart city and community cloud services. First, the City of Syracuse, New York, USA, in cooperation with Syracuse University and the SC3-cpSriA Action Cluster (Smart City and Community Challenge Cloud privacy security rights inclusive Architecture), considers how the Architecture guidelines may apply. The SC3-cpSriA Action Cluster welcomes new members to broaden the debate. First, smart streetlight networks, catch basin monitoring, and water metering projects may consider if and how security, privacy, data protection and rights-inclusive cloud architecture guidelines may be followed. The ethics for facial recognition, machine learning and artificial intelligence systems and cloud services in future smart cities with privacy, security and rights-inclusive architecture will also be reviewed. Can architecture guidelines help protect citizens' rights and encourage growth of smart city open data lakes, encouraging civic engagement and data privacy, security and rights-inclusive innovation, entrepreneurship and economic development?
Smart Wide Area Protection and Security for All from Concorde Security
Concorde provides Wide Area Protection for a Cluster of buildings from a mobile surveillance vehicle (called I-Man Facility Sprinter or “IFS”) manned by a 2-3 man specialist team.
  • Deploy security infrastructure comprising cameras, sensors and wireless connectivity in a mesh network architecture connected to the IFS vehicle
  • Cameras and sensors provide the real time surveillance and trigger alerts to IFS which will be able to immediately respond to the situation
  • Multiple IFS from neighboring clusters will provide the redundancy and support to any surge in demand in any particular cluster
  • Several IFS can cover a large urban center to provide the immediate real-time security coverage and immediate response to any public safety and security incident(s)
Tampa Hillsborough Expressway Authority (THEA) Connected Vehicle (CV) Pilot Security Management Operating Concept (SMOC)
Development of a Security Management Operating Concept (SMOC) for phase I of the Tampa Hillsborough Expressway Authority (THEA) Connected Vehicle (CV) Pilot Deployment Program. This focuses on how the THEA team developed an approach to the SMOC (i.e., Prepare); categorized information flows and systems (i.e., Categorize); and selected security controls to establish draft, minimum security control baselines (i.e., Select). The resulting SMOC is largely based on the NIST RMF and provides guidance for ensuring “the privacy of pilot participants and the overall security of the Vehicle-to-Everything (V2X) system for the THEA CV Pilot.”

Webinars

Cryptography
Making data and identity security easy to use and private is our mission. We sweat every detail to ensure the best experience possible while maintaining the highest level of security. Tozny’s solution allows us to take that security to the next level, and ensures that our client’s most sensitive data is as protected as possible.