How to win the network security attack and defense war in the construction of smart cities?
Meeting the needs of local culture and citizens, and what kind of hacker attacks smart technology may encounter in some key areas are all issues worthy of attention. At the same time, once good safety standards and norms are lacking, the expected benefits will be greatly reduced, which will lead to unexpected problems.
In order to help the competent authorities build a perfect smart city, ten safety points are listed for reference when introducing smart technology.
1. Perform quality inspection and penetration test.
Intelligent technology must undergo rigorous inspection and testing before any comprehensive construction can be carried out. Through this step, the construction unit can find security and maintenance problems, such as data leakage and abnormal situations, before the smart equipment, infrastructure or services are officially launched.
In addition, municipal units should also invite independent external manufacturers to conduct penetration tests regularly. However, because penetration testing only focuses on vulnerability scanning, some standard product testing processes, such as quality assurance (QA) and quality testing (QT), should also be listed as standard processes. The focus of quality assurance is to find the defects in intelligent technology, while the focus of quality testing is to test the stability of functions.
2. Make safety a priority in the service level agreements (SLA) of all manufacturers and service providers.
The person in charge of smart city planning must formulate a set of service level agreement (SLA), which lists the safety standards that smart technology vendors and service providers must meet. And clearly stipulate the punishment for not meeting the standards on time. In addition, it can also include provisions to ensure people's data privacy, 24-hour emergency response team for 7 days, or the aforementioned regular penetration test and security audit.
3. Establish computer emergency response team (CERT) or network security incident response team (CSIRT) in the municipal government.
If there is any security incident in Smart technology, the municipal government should set up a special computer emergency response team (CERT) or security incident response team (CSIRT) to stand by at any time. When they are attacked by hackers, they must be familiar with how to deal with it or how to recover when the system crashes. In addition, such groups can also coordinate vulnerability notification and repair operations, act as a contact window for manufacturers, advocate best security practice principles, and so on.
4. Ensure the integrity and security of software updates.
Once the manufacturer releases the software or firmware update of the smart device, the competent unit shall immediately start the deployment. Both the municipal government and the manufacturer should ensure the security of the update delivery (for example, through encryption and digital signature) to ensure the integrity of the software. Digital signature can be used to check whether the update has been tampered with, and then install it after confirmation.
5. Reasonably plan the life cycle of intelligent infrastructure.
Compared with general consumer products, the life cycle of intelligent infrastructure is significantly longer. Therefore, it is very important for municipal units to formulate a set of detailed procedures to deal with the infrastructure that is facing elimination or the support of manufacturers has been terminated. Because once the support for the system is terminated, the follow-up will face the dilemma that serious vulnerabilities cannot be repaired, which will lead to hackers.
In addition, the responsible units of smart cities should also consider the life of infrastructure. After years of use, lack of maintenance or overuse, it is possible to cause the wear and tear of infrastructure. Therefore, if the life cycle of infrastructure is properly planned in advance, the future municipal government units will not be at a loss when they have to repair or replace the system.
6. All data processing processes must consider the right to privacy.
Please observe a principle: any data collected by smart cities must be treated anonymously to protect people's privacy, especially the data that the government must disclose to the public. Any data unrelated to the smart city plan must be completely destroyed.
Any sensitive data must be strictly controlled and can only be accessed by personnel approved by the municipal government, such as service providers who are obliged to reach a service level agreement (SLA). In addition, it is necessary to formulate clear information sharing norms, including: what information can be shared, who can enjoy it, and what is the data privacy protection mechanism. In addition, it should also include the data backup and recovery plan in case of disaster.
7. Encrypt, authenticate and control all communications.
All communications, whether wired or wireless, should be protected against hacker attacks, interception and tampering, especially data containing sensitive information, which must be strictly encrypted and the encryption key should be properly kept.
All intelligent communication systems must pass at least account password authentication to access. In addition, stricter authentication methods, such as one-time password, biometric authentication, double or multiple authentication, can be adopted to improve security.
Municipal units should control communication protocols and traffic to reduce the risk of central system or multiple interconnected devices being attacked and offline. Turning off all unnecessary functions on the intelligent communication system can reduce the attack surface of hackers and avoid being abused.
8, must be able to forcibly switch manual operation.
No matter how attractive full automation is, it is important to maintain the ability to switch between manual operations. Because, in the case of serious system failure or hacker intrusion, forced switching of manual operation can make municipal units still be able to operate the system without Internet connection or remote operation being intercepted by hackers.
9. Design a fault-tolerant system.
When one or more components fail, intelligent infrastructure and applications must continue to run, which is called fault-tolerant system. At this point, the intelligent service may be a little unsatisfactory, but the system can still run and will not be completely paralyzed. In order to achieve this, it is necessary to establish some backup mechanisms (software and hardware) to allow failures and maintain necessary functions.
10. Ensure the sustainable operation of basic services.
When all systems fail unfortunately, people must be able to get basic public services, including water, electricity, gas, ambulances and so on. Therefore, when the main power supply system fails, there must be a backup power supply.
With the passage of time, the future cities will surely become more intelligent. As governments around the world gradually embrace smart technology, this will be the inevitable development in the future. Whether it is a newly planned smart city or an urban renewal, both functions and safety must be taken into account. Cities serve the people, so ensuring the safety of the people is the real king.
Special statement: some pictures and texts of the articles we pushed come from the internet, and the copyright belongs to the original author; If copyright issues are involved, please contact us in time and delete after verification.
?