Within the framework of the IoT/IoD Lab, yesterday took place a workshop entitled "Cybersecurity awareness", organized by Cisco Systems S.r.l. in collaboration with the City of Torino and the Consorzio Top-ix, which was attended by officials of the City and some of the municipal utilities.
The aim of the meeting was to increase the awareness that new technologies need the development and deepening of new digital skills also to foil computer threats that are constantly changing, becoming more and more complex. Each organization must therefore develop knowledge, methodologies and tools suitable to design, build and test secure information systems and to address the challenges of everyday life.
Cisco estimates that last year 50% of Italian companies had to manage an interruption of more than 5 hours due to a violation, with the repercussions that an interruption of service or production can obviously generate. Considerable problems can arise from an interruption in public services or transport: problems that would put at risk the welfare and safety of citizens. This is therefore the main reason why the City of Turin is asking itself questions on this issue.
So what to do? Study your own organization!
First of all, visibility: recognising the types of data that are needed, that arrive at one's own systems and that start from them, assessing which data are actually useful and which are superfluous (or, for example, could be anonymised right from the design of a given sensor/camera), analysing the timing of latency, response and data storage - good visibility will in fact allow greater effectiveness of controls. It is therefore essential to start from a data flow chart, flanking it with a remediation plan - according to the basic principles of cybersecurity that Cisco summarizes in Identify - Protect - Delete - Respond - Recover.
Secondly, segmentation: to build a safe IoT environment, it is necessary to divide it into zones and implement effective monitoring for individual zones, controlling communication between them.
The workshop was the first step in a process of in-depth study and development, which will increasingly involve municipalities and companies, based on the belief that information security is vital to take full advantage of the opportunities that the digital transformation offers us.