Benefits and Cybersecurity and Privacy Risks

From OpenCommons
Revision as of 08:31, December 19, 2021 by Pinfold (talk | contribs)
Jump to navigation Jump to search


Cybersecurity and Privacy
Cybersecurity and Privacy
Sectors Cybersecurity and Privacy
Contact Lan Jenson
Topics
Activities
Cctvcompanies.jpg Cybersecurity and Privacy Resilience Center
COVID-19 crisis has amplified Cybersecurity & Privacy Risks for organizations with their transition to remote and virtual work arrangements. These risks range across infrastructure, data security, data privacy, remote access, policies, security awareness and compliance.
Authors

Lan Jenson.jpegDavid BalensonOC.jpgAdnan BaykalOC.jpgGary Dennis.jpegWayne DennisOC.jpg[[File:|x100px|link=Alex Huppenthal]]Damon KachurOC.jpgBennyLee.jpgCarmen MarshOC.jpgAleta Nye.jpegCarmen ParadaOC.jpgRenil-paramel.jpgBillPugh.jpgMaryam RahmaniOC.jpegCarter SchoenbergOC.jpgSushmitaSenmajumdar.jpgDeborahShands.jpgDean Skidmore.jpegScott Tousley.jpg[[File:|x100px|link=Ed Walker]]Ruwan Welaratna.jpegPaul Wertz.jpegPeterWong.jpeg

{{{summary}}}


Cities and communities stand to harvest unprecedented benefits from advances in information and communications technologies (ICT), in general, and Internet of Things (IoT) and Artificial Intelligence (AI), in particular. Smart cities inevitably introduce new or heighten existing cyber risks, which demand proper consideration in design to ensure the optimal realization of intended Smart City outcomes.

Smart Cities Benefits

Smart cities are associated solutions and capabilities defined by the integration of technology, connectivity, and data to improve the quality of and accessibility to citizen services and to improve the livability of the city and community. Smart cities have the potential to address key challenges, including air and other environmental pollution, traffic congestion, crime, and economic development. Many of these challenges can be directly connected to a direct and/or an indirect fiscal impact (e.g., operational costs, lost economic productivity); conversely, Smart City solutions may have direct benefits in terms of improved services or livability as well as associated benefits of cost savings through enhanced efficiency and a boost in economic productivity, development, and opportunity.

National Cybersecurity Center of Excellence research on mitigating IoT-based DDoS as presented by Tim Polk, Russ Gyurek, and Joshua Lawton at CPAC Cybersecurity Symposium for Smart Cities in San Jose, California, on October 3, 2018. Migrating IoT-Based

While there are many benefits associated with the promise of Smart Cities, there are also many risks and opportunities for unintended consequences. For Smart Cities to truly be successful and reach their full potential, it is important for those designing, developing, and implementing Smart City solutions to properly manage risk. Risk, in the context of Smart Cities, may be found in many common categories such as operational, financial, technical, contractual, legal, reputational, and political risk; however, one area of risk that is becoming increasingly important is cybersecurity and privacy risk. Addressing cybersecurity and privacy by design is critical to risk mitigation and enabling the successful development of Smart Cities and its benefits to citizens.

Cybersecurity and Privacy Risk

Risk (R) is commonly considered a function of three factors: vulnerability (V), threat (T), and consequence (C). While there is some contention on what the appropriate formula is, there is a clear, positive relationship between risk and each of its three variables (e.g., as consequence increases, risk increases). A common mathematical expression of risk is that risk is the product of vulnerability, threat, and consequence – or R = V x T x C.

This general notion of risk certainly applies in the cybersecurity and privacy context. With the increasing ubiquity of connectivity, cybersecurity and privacy risk is a concept that must be thoroughly considered in most, if not all, domains, including the Smart City environment. Risk in the Smart City context can be attributed to a wide variety of factors given the nearly infinite permutations of potential Smart City-related vulnerabilities, threats, and consequences.

Example Smart City Cybersecurity and Privacy Vulnerabilities, Threats, and Consequences
Shopping List Vulnerabilities Threats
  • Lack of awareness of all authorized and unauthorized devices/assets
  • Poorly-implemented encryption or lack of encryption
  • Inability to patch or update software/firmware
  • Use of default administrator passwords
  • Susceptibility to distributed denial of service (DDoS) attacks
  • Lack of security assessment and software code testing
  • Inadequate security and privacy awareness and training
  • Weak or immature supply chain risk management practices
  • National-state and state-sponsored actors
  • Organized crime and other criminal groups
  • Terrorist groups
  • Hacktivists
  • Insiders/employees – whether malicious, unintentional, or negligent
  • External suppliers, service providers, vendors, and partners (e.g., supply chain risk, interdependence and integration risk)
  • Other individual hackers or hacking groups
  • Natural and man-made disasters
  • Disruption of government services to citizens
  • Loss or leakage of citizen personally identifiable information (PII)
  • Financial loss or expense (e.g., lawsuits, regulatory penalties, theft of funds, cost of response and remediation)
  • Facilitation of terrorist event – whether physical, digital, or combined
  • Degradation of trust in government and government services
  • Danger