With Infrastructure Investments Expected to Rise, We Must Protect Critical Infrastructure in Connected Cities
While the US Congress and Administration continue to debate how, when, and where to invest in modernizing America’s crumbling infrastructure, Smart City solutions in the private sector have continued to mature. Local governments and the people they serve are more connected than ever, and with the rapid adoption of the Internet of Things (IoT) and Industrial IoT, we are already seeing a massive convergence of connected devices, cloud applications, and solutions across multiple categories.
Given the wide variety of devices attached to the public Internet and private IP networks, managing the geographic distribution of those devices and systems is a massive challenge. Whether in fixed physical infrastructure, mobile smart cars, control systems for public transportation vehicles, or as part of public safety, ensuring these devices can communicate securely across transmission networks has become mission-critical.
Challenges to Network Resiliency
As the IoT and related Industrial IoT grow, in large part due to the investment in Smart Cities, resilience is increasingly important. Challenges to network resiliency include responses to large-scale natural disasters that can destroy parts of the network, cyber-attacks by adversaries wishing to take entire cities down, unintentional or intentional actions of insiders, and, as we saw most recently with the Colonial Pipeline ransomware attack, attempts by criminals to hold critical infrastructures hostage.
The integrity of a Smart City and the data that is generated by sensors, cameras, and other endpoints on its networks are highly vulnerable when legacy network architectures are used without the benefit of Software Defined Networking (SDN). Having to monitor and manage multiple networks, applications, cloud services, and the exchange of data without an SDN strategy and next-generation secure and performant private network in place is unsustainable economically.
Unlock Value, Reduce Risk
This white paper lays out a blueprint for digital city planners, technology architects, networking experts, government agencies, IoT solution providers, and others in the Smart City ecosystem. The creation of ultra-secure, high-performance, mission-critical resilient connectivity environments will help unlock the massive value of connected communities while reducing risk.
Increasingly Complex Internet
The public Internet was built for resilience but has become a complex series of multi-realm, multi-level networks. The growth of the IoT, which is the most significant driver in digital cities, is dramatically increasing that complexity and expanding the cyberattack threat surface.
Not only is the number of endpoints increasing due to IoT, but the number of networks and sub-networks is rising as well. The increased heterogeneity of protocols, standards, local computing requirements, multi-cloud applications, and business applications (including connecting the primary energy grid, micro-grids, traffic, parking and safety applications, and more) has led to an interdependency among systems that were not designed to communicate with each other.
The network must now become part of the solution for normalization and efficiency, and not part of the problem, which it has become today.
Advantage of Software-Defined Networking
Collecting IoT information that dwarfs “big data” projects of the past, analyzing and securing that information, and modeling the adaptation of that data for efficient and automated systems is not trivial.
Sub-domains are being managed as “islands” with protected perimeters and independent components for computing (DNS, CDNs, PKI, edge computing for ultra-low latency applications, and more). It is the interdependent applications that create even more pressure for security, including systems sharing information via APIs.
Software-Defined Networking (SDN) provides unprecedented flexibility in that it can dynamically reconfigure IP networks and leverage the scale and natural resilience of the Internet while providing hardened security based on how “events” or “sessions” are treated.
Beyond SDN, Secure Access Service Edge (SASE) Approaches Protect The Evolving Perimeter
Secure access service edge, or SASE, is an emerging cybersecurity concept that Gartner described in the August 2019 report, “The Future of Network Security.”
SASE is the convergence of WAN (wide area networking) and Network Security Services into a single, cloud-delivered service model.
Instead of managing network and security separately, SASE simplifies and unifies these efforts while solving the scaling, security, flexibility, performance, and cost containment challenges networks and enterprises will face while attempting to manage the explosion of data, computing, people, groups (branch offices), applications, services, IoT systems, and edge computing entities accessing their digital assets from any device on any network, public and private.
Innovative IoT services drive smart cities that revolutionize the way we live, commute, conduct business, manage public health, and secure our communities. The fundamental architecture for how all this is connected physically and virtually can significantly enhance these services and protect them against attacks.
On the other hand, poor design built on legacy frameworks could bring networks and geographies to a grinding halt, costing billions in damages and resulting in significant loss of life. The choices we make in designing these networks need careful attention and planning for the future with a solid foundation of proven agile technologies that scale and evolve.
As we move to dramatically improve America’s infrastructure, including critical infrastructure in our most populated cities, the time is right to move to a better way to connect assets, store and transmit data, and protect our most important systems from cyber attacks.
Smart Critical Infrastructure (SCI) enables the deployment of adaptive, reliable, economically feasible, and shared private networks.
SCI brings together smart grids with transportation systems, including electric and increasingly autonomous vehicles, and with smart homes, buildings, factories, schools, and hospitals.
SCI integrates city government, county/state/federal government, utilities (electricity, gas, water, wind, waste management, and more), transportation systems, and public safety platforms onto a holistic infrastructure. A connected infrastructure offers day-to-day management but can also be leveraged to respond in real time to natural or manmade disasters.
The integration of physical and cyber systems, as well as human behaviors, can be orchestrated and optimized using SCI.
Current SCADA Solutions
The integration of systems naturally increases the vulnerability and the attack surface at an ecosystem level. However, proven architectures that achieve the successful monitoring and control of critical infrastructures like Supervisory Control and Data Acquisition (SCADA) systems are influencing the way we design smart cities beyond the electrical grid, where SCADA is in use today.
SCADA systems become interconnected with Internet resources and services in Smart Cities (and they are often the foundation of smart city projects). These SCADA systems become attractive targets to external and internal adversaries because they were initially designed to only operate in an isolated environment separate from other private networks and the public Internet.
SCADA network operators are now turning to SDN and SASE-based solutions, like Dispersive’s virtual networking technology, to protect against the execution of malicious commands on control systems and remote devices, guarding against economic disruption and massive threats to human health and safety.
Defending Against Cyber Attacks
Dispersive’s networking technology is being used today to establish dynamic encrypted routes on the control and data plane, transmitted from a control center to grid devices, which prevents would-be attackers from gaining network access and injecting malicious commands.
Our solution also protects against malicious rerouting and Denial of Service (DoS) attacks by detecting activity on the network so that it can be addressed, constantly “resetting” encryption keys, deflecting packets, and otherwise outwitting attackers.
With the right run-time configuration, our SASE approach can bring significant benefits to the Smart Cities of the future, when smart city operators and collaborators can securely operate connected systems and defend against cyber warfare.
Critical infrastructures are rapidly evolving to support valuable innovations in digital technologies that make cities safer, cleaner, more affordable, more livable, and more resilient.
As we gear up to plan, implement and scale modernized infrastructure services, the US can lead the way to more efficient management of energy and better resource utilization. The upside is so clear that the proliferation of ubiquitous connectivity to critical infrastructures (electrical grid, utility networks, billing systems, broadband services, and public safety platforms) is driving healthy new economies, new jobs, and the creation of wealth.
Cybersecurity must be addressed in every layer of the “stack” – from endpoint to edge, from edge to cloud, applied to data at rest and in transit.
We are proud to be working with government agencies, industry consortiums, IoT developers, network service providers, and Smart City visionaries. Together we are designing resilient and smart critical infrastructure architectures that protect communications, controls, and computations that are automating and optimizing everything from lighting to traffic control to gunshot detection and homeland security programs.
The stakes have never been higher, and the determination to bring our economy back after the global pandemic means we have a “silver lining” moment to not just rebuild our critical infrastructure but to ensure it is fully protected in our increasingly digital, hyper-connected world.