Cybersecurity and Privacy: Difference between revisions

From OpenCommons
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{Sector
{{Book
| image           = Cybersecurity and Privacy 200.jpg
| image = CybersecurityChapter.jpg
| blueprint      = 2019_GCTC-SC3_Cybersecurity_and_Privacy_Advisory_Committee_Guidebook_July_2019.pdf
| blueprint = Cybersecurity and Privacy
| leader          = Scott Tousley, Lan Jenson
| sectors = Cybersecurity and Privacy
| Size            = 200
| authors = Lan Jenson, David Balenson, Adnan Baykal, Gary Dennis, Wayne Dennis, Damon Kachur, Benny Lee, Carmen Marsh, Aleta Nye, Carmen Parada, Renil Paramel, Bill Pugh, Maryam Rahmani, Carter Schoenberg, Sushmita Senmajumdar, Deborah Shands, Dean Skidmore, Scott Tousley, Edward Walker, Ruwan Welaratna, Paul Wertz, Peter Wong
| description    =
| poc = Lan Jenson
This set of {{#ask: [[Category:Activity]] [[Category:{{PAGENAME}}]] |format=count}} projects is managed by the Cybersecurity and Privacy Advisory Committee (CPAC), a public-private partnership dedicated to built-in cybersecurity and privacy best practices and considerations in Smart Secure Cities and Communities.
| email = lan@cybertrustamerica.org
| body            =
| document = 2019_GCTC-SC3_Cybersecurity_and_Privacy_Advisory_Committee_Guidebook_July_2019.pdf
Smart Secure Cities and Communities unleash tremendous potential built on the power of data and technology. With great power comes great responsibility.  Well designed and executed, municipalities and citizens will harvest marvelous benefits such as less traffic congestion, faster emergency services, and safer environments. Inadequately designed and executed, however, municipalities and citizens may subject themselves to undesirable consequences such as loss of privacy, data breaches, financial loss and disruption to their work and even lives.
| chapter = 200
| summary = This blueprint has been developed by the Cybersecurity and Privacy Action Cluster (CPAC) with the primary goal of providing a source document for all entities interested in learning how to manage upcoming Smart City cybersecurity and privacy challenges and risks.
}}
The National Institute of Standards and Technology (NIST) launched the [https://pages.nist.gov/GCTC/about/the-gctc/ Global City Teams Challenge (GCTC)] program in 2014 as a means to encourage collaboration across the global Smart Cities community. The goal of GCTC is to “establish and demonstrate replicable, scalable, and sustainable models for incubation and deployment of interoperable, standards-based solutions using advanced technologies such as IoT and CPS, and demonstrate their measurable benefits in communities and cities.
 
#In 2018, NIST and the Department of Homeland Security Science and Technology Directorate (DHS S&T) partnered to initiate the Smart and Secure Cities and Communities Challenge (SC3) as an effort to build on the GCTC program and demonstrate the “value and return on investment for designed-in trustworthiness for smart city deployments.
#In support of the SC3 effort, the Cybersecurity and Privacy Advisory Committee (CPAC) was established as a public working group comprised of cybersecurity and privacy professionals and practitioners across the GCTC community. The CPAC has representation from all levels of government, non-profit organizations, academia, and the private sector.
 
The CPAC public working group is intended to provide a forum for members to
share their expertise, leverage industry best practices, and further collaborate with
relevant organizations. The CPAC also serves as a cybersecurity and privacy resource
for the GCTC-SC3 SuperClusters and Action Clusters.
;Purpose
Advances in information and communication technologies (ICT) and the advent of
Internet of Things (IoT) devices are enabling municipalities’ development and
deployment of Smart City capabilities and solutions. Municipalities are leveraging
these smart solutions to provide enhanced services to their citizens; improve the
livability of their communities; and promote economic opportunity.
 
Ubiquitous connectivity, the proliferation of computing power, and the emerging
linkages between cyber and physical infrastructure introduce new and potentially
greater cybersecurity and privacy risks than those found in the traditional IT
enterprise. Effectively and proactively managing these emerging risks is critical to
successfully developing and implementing solutions and to fully realize promised
Smart City benefits.


Formed in March 2018, CPAC consists of cybersecurity and privacy professionals and practitioners from governments, nonprofits and private businesses. CPAC achieves its goal by 1) helping SuperClusters build cybersecurity and privacy best practices and considerations in their blueprints; 2) providing one-size-does-not-fit-all methodologies to enable SuperClusters and municipalities to comply with laws and standards pertinent to them. To ensure timely, tailored and consistent support, CPAC embeds champions in SuperClusters' leadership teams and invite SuperClusters' leaders into CPAC leadership to guide its direction and priorities.  Membership is open to all communities, private sector enterprises, non-governmental organizations, and government agencies (at all levels).
This Guidebook seeks to present an approach to Smart City cybersecurity and
| chair          =
privacy risk management that can be adapted to meet the needs of individual
<div><ul>
municipalities and communities. This Guidebook also provides some key
<li style="display: inline-block;"> [[File:ScottTousley.jpg|thumb|none|300px|Scott Tousley, Deputy Director of S&T, <br />Department of Homeland Security]] </li>
considerations that decision-makers will need to recognize and account for in their
<li style="display: inline-block;"> [[File:LanJenson.jpg|thumb|none|300px|Lan Jenson, CEO, <br /> Adaptable Security Corp.]] </li>
risk management approach.
</ul></div>
 
| team            =
In addition, the appendices of this Guidebook provide additional resources, including
<!--Department of Homeland Security, [https://adaptablesecurity.org/ Adaptable Security Corp], [https://myevoz.com/ Evo Monitors], [https://www.ep3foundation.org/ EP3 Foundation], [https://www.globalcyberalliance.org/ Global Cyber Alliance], [https://sites.google.com/a/isc2-siliconvalley-chapter.org/orig/ ISC2 Silicon Valley Chapter], [https://www.smcgov.org/ San Mateo County], [https://www.sfbay.issa.org/ SF Bay ISSA], [https://www.sightlinesec.com/ Sightlinesec], [https://www.facebook.com/ConnectThatCity/ Smart Connections Consulting], [https://www.thesotergroup.com/ The Sorter Group], [https://www.sri.com/ SRI International]-->
a set of use cases to help demonstrate the application of risk management concepts
Department of Homeland Security, Adaptable Security Corp, Evo Monitors, EP3 Foundation, Global Cyber Alliance, ISC2 Silicon Valley Chapter, San Mateo County, SF Bay ISSA, Sightlinesec, Smart Connections Consulting, The Sorter Group, SRI International
in real-world situations (see Appendix A) and the “CPAC ‘Top X’ Questions for a
}}
Trustworthy Smart City,” a discussion tool for initiating the conversation around
cybersecurity and privacy risk management (see Appendix C).
;Intended Audience
The primary audience for this guidebook is municipal policymakers and leaders (e.g.,
mayors, council members, city managers, department heads, innovation officers,
chief information officers, chief information security officers) actively involved in or
considering the development of Smart City capabilities. However, it is also
important for all other Smart City stakeholders (including technology/solution
implementers and providers) to understand cybersecurity and privacy risk
management processes and to be able to prepare and plan accordingly.
;Key Takeaways
Readers can take away best practices for a trustworthy Smart City from planning to
design to implementation. Specifically, best practices include managing
cybersecurity and privacy-related risks for smart solutions, IoT systems, as well as the
existing information systems:
*What is cybersecurity and privacy risk and why is risk management important?
*How might cybersecurity and privacy risk management in a Smart City environment be different from a traditional IT environment?
*How can cybersecurity and privacy risk management practices be operationalized and applied in the Smart City context?
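
Review bot: The added text expands CPAC in two different ways. The new summary field says the blueprint was developed by the "Cybersecurity and Privacy Action Cluster (CPAC)", while the added body paragraph on the SC3 effort introduces the "Cybersecurity and Privacy Advisory Committee (CPAC)"; use one expansion in both places. The switch from the Sector template to the Book template also removes the leader, chair and team fields and the sentence beginning "Membership is open to all communities" without replacing them, so consider keeping the participating organizations and the membership statement in a short section under the template.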

Latest revision as of 23:57, January 19, 2023


Cybersecurity and Privacy
Introduction
Contact Lan Jenson
Topics
NEWS
OneIDLab and Tozny Merge to Form Tozny
Portland, Oregon-based Tozny, an identity management and data security company, and OneIDLab, a Zero Trust posture security technology company, announced the companies will merge to form Tozny, Inc.

REPORTS
Smart and Secure Cities and Communities Challenge (SC3)
Authors

Lan Jenson, David Balenson, Adnan Baykal, Gary Dennis, Wayne Dennis, Damon Kachur, Benny Lee, Carmen Marsh, Aleta Nye, Carmen Parada, Renil Paramel, Bill Pugh, Maryam Rahmani, Carter Schoenberg, Sushmita Senmajumdar, Deborah Shands, Dean Skidmore, Scott Tousley, Edward Walker, Ruwan Welaratna, Paul Wertz, Peter Wong

This blueprint has been developed by the Cybersecurity and Privacy Action Cluster (CPAC) with the primary goal of providing a source document for all entities interested in learning how to manage upcoming Smart City cybersecurity and privacy challenges and risks.

The National Institute of Standards and Technology (NIST) launched the Global City Teams Challenge (GCTC) program in 2014 as a means to encourage collaboration across the global Smart Cities community. The goal of GCTC is to “establish and demonstrate replicable, scalable, and sustainable models for incubation and deployment of interoperable, standards-based solutions using advanced technologies such as IoT and CPS, and demonstrate their measurable benefits in communities and cities.”

  1. In 2018, NIST and the Department of Homeland Security Science and Technology Directorate (DHS S&T) partnered to initiate the Smart and Secure Cities and Communities Challenge (SC3) as an effort to build on the GCTC program and demonstrate the “value and return on investment for designed-in trustworthiness for smart city deployments.”
  2. In support of the SC3 effort, the Cybersecurity and Privacy Advisory Committee (CPAC) was established as a public working group comprised of cybersecurity and privacy professionals and practitioners across the GCTC community. The CPAC has representation from all levels of government, non-profit organizations, academia, and the private sector.

The CPAC public working group is intended to provide a forum for members to share their expertise, leverage industry best practices, and further collaborate with relevant organizations. The CPAC also serves as a cybersecurity and privacy resource for the GCTC-SC3 SuperClusters and Action Clusters.

Purpose

Advances in information and communication technologies (ICT) and the advent of Internet of Things (IoT) devices are enabling municipalities’ development and deployment of Smart City capabilities and solutions. Municipalities are leveraging these smart solutions to provide enhanced services to their citizens; improve the livability of their communities; and promote economic opportunity.

Ubiquitous connectivity, the proliferation of computing power, and the emerging linkages between cyber and physical infrastructure introduce new and potentially greater cybersecurity and privacy risks than those found in the traditional IT enterprise. Effectively and proactively managing these emerging risks is critical to successfully developing and implementing solutions and to fully realizing the promised Smart City benefits.

This Guidebook seeks to present an approach to Smart City cybersecurity and privacy risk management that can be adapted to meet the needs of individual municipalities and communities. This Guidebook also provides some key considerations that decision-makers will need to recognize and account for in their risk management approach.

In addition, the appendices of this Guidebook provide additional resources, including a set of use cases to help demonstrate the application of risk management concepts in real-world situations (see Appendix A) and the “CPAC ‘Top X’ Questions for a Trustworthy Smart City,” a discussion tool for initiating the conversation around cybersecurity and privacy risk management (see Appendix C).

Intended Audience

The primary audience for this guidebook is municipal policymakers and leaders (e.g., mayors, council members, city managers, department heads, innovation officers, chief information officers, chief information security officers) actively involved in or considering the development of Smart City capabilities. However, it is also important for all other Smart City stakeholders (including technology/solution implementers and providers) to understand cybersecurity and privacy risk management processes and to be able to prepare and plan accordingly.

Key Takeaways

Readers can take away best practices for a trustworthy Smart City from planning to design to implementation. Specifically, best practices include managing cybersecurity and privacy-related risks for smart solutions and IoT systems, as well as for existing information systems:

  • What is cybersecurity and privacy risk and why is risk management important?
  • How might cybersecurity and privacy risk management in a Smart City environment be different from a traditional IT environment?
  • How can cybersecurity and privacy risk management practices be operationalized and applied in the Smart City context?