Secure Cloud Architecture SC3-cpSriA
|Secure Cloud Architecture SC3-cpSriA|
|Team Members||Adaptable Security; Applied Information Security; ANDRO; Blackstone; Central New York Biotech Accelerator; CEO (CenterstateCEO) ColorTokens; Dell Technologies; Farm to Flame Energy Inc.; FMC Globalsat; Highmark Global; Hu-manity.co; IBM Red Hat; iConsult; Imcon International Inc.; Keyed Systems; Kymeta; LifeSource Health; Microsoft; Ngenuity LLC; NineAI; New York Civil Liberties Union (NYCLU); Omnimesh; One Planet Education Network (OPEN); Promptous; Saab; State University of New York- College of Environmental Studies and Forestry (SUNY-ESF); State University of New York – Oswego (SUNY-Oswego); State University of New York - Upstate Medical University (SUNY-Upstate); Syracuse University; VMware; WiTec|
|Point of Contact||Lee McKnight; Sam Edelstein; Lan Jenson; Yusuf Saadiq Abdul-Qadir|
|Participating Municipalities||City of Syracuse, NY; Los Angeles Unified School District, CA|
|Status||Ready for Public Announcement|
|Download||ACTION CLUSTER BLUEPRINT|
Smart cities run largely on cloud services for efficiency and affordability reasons. Residents, government agencies, and small and medium businesses can benefit from an Architecture or Framework for privacy and rights-inclusive security practices across smart city and community cloud services. First, the City of Syracuse, New York, USA, in cooperation with Syracuse University and SC3-cpSriA Action Cluster(Smart City and Community Challenge Cloud privacy security rights inclusive Architecture) consider how the Architecture guidelines may apply. The SC3-cpSriA Action Cluster welcomes new members to broaden the debate. First, smart streetlight networks, catch basin monitoring, and water metering projects may consider if and how security, privacy, data protection and rights-inclusive cloud architecture guidelines may be followed. The ethics for facial recognition, machine learning and artificial intelligence systems and cloud services in future smart cities with privacy, security and rights-inclusive architecture will also be reviewed. Can architecture guidelines help protect citizens rights and encourage growth of smart city open data lakes, encouraging civic engagement and data privacy security and rights-inclusive innovation, entrepreneurship and economic development?
The Secure Cloud Architecture Action Cluster will offer architectural advice, first on City of Syracuse projects.
- Smart street light network
- Catch basins
- Water metering
- Facial recognition, machine learning and artificial intelligence smart city project policy and ethics
- Smart street light network: Upgrading lights will save cities millions annually, interconnect smart grid data access, reduce greenhouse emissions, & increase safety.
- Catch basins: monitoring hard infrastructure with sensors should not create a privacy issue. Previously a city might not have known there could be a problem, so could not have been expected to repair.
- Water metering: accessing water meter data could be helpful for residents to better understand usage and if their pipes leak, but also could be invasive if real time information is shared with the city or others, which could monitor exactly when showers are taken or someone goes to sleep, or is out of town.
- Facial recognition, machine learning and artificial intelligence smart city project policy and ethics: for example, facial recognition could help a city better prevent crime if specific people were monitored to ensure they did not get close to public buildings or schools; but also, could invade privacy, and may not be accurate enough to ethically rely on.
The City of Syracuse is implementing inclusive smart and secure community projects, beginning with a network of city-owned smart street lights. The cyberphysical smart city architecture guidelines provide a comprehensive template for cities of limited resources to apply across sectors and initiatives consistent with NIST standards. The hybrid cloud architecture includes multi-cloud, inter-cloud and federated cloud (to edge) service designs able to support security, confidentiality, access control, least privileges and safeguarding PII practices of data across the Internet of Things and beyond. The 3-level data classification scheme to be considered would define: 1) sensitive including personally identifiable information so most controlled and restricted (red); 2) medium sensitivity information whose access may be controlled but by law can be shared more widely although still with controls and monitoring (yellow); and 3) low sensitivity data which can be shared openly – smart city civic and open data (green).
|Key Performance Indicators (KPIs)||Measurement Methods|
For 1st Action Cluster project (Advising on smart street light network:):
Standards, Replicability, Scalability, and Sustainability
The project will ensure replicability, scalability, and sustainability by conforming to standards including:
- 3GPP/ITU 5G (defined in 2020);
- GCTC CPAC Privacy and Security Guidelines;
- IEEE LoRaWAN;
- ISO 37101, Sustainable development and resilience of communities— Management systems — General principles and requirements
- ISO 37120:2014, Sustainable development of communities — Indicators for city services quality of life
- ISO 37150:2014, Smart community infrastructures — Review of existing activities relevant to metrics
- ISO/PWI 37153 Smart community infrastructures
- NIST Framework for Improving Critical Infrastructure Cybersecurity; NIST Smart City Interoperability Reference Architecture (SCIRA);
- NIST SP 800-53; NIST SP 800-171 & NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII);
- NIST A Consensus Framework for Smart City Architectures IES-City Framework (Internet-of-Things-Enabled Smart City Framework) Release v1.0;
- OMB Memorandum 07-16;
- Open Specifications Model 0.5 for the Internet of Things
- VMware SDDC & NSX SD-WAN by VeloCloud
Cybersecurity and Privacy
The objective of applying this architecture at a city level is engaging community residents – including businesses of all sizes, local, city, county and state government agencies, and civil society. This will improve the smart city privacy, security, and rights-inclusive operational and policy practices and awareness, while enhancing collaboration, reducing costs and enabling new services. It is anticipated that technologies such as Artificial Intelligence, Augmented Reality, Autonomous Systems, Blockchain, the Internet of Things, Machine Leaning and Quantum Computing may be safely and securely used more widely, while limiting opportunities for personal data abuse by malicious actors. This data classification for smart city cloud to edge architecture will offer a comprehensive approach and easy to use template for organizations to apply their own data classification policy. Eventually it is hoped to extend across all smart city and especially civic data across relevant domains and sectors enhancing personal data rights by design.
A smart City architecture to increase privacy security and rights inclusive standards awareness with a simple cloud architecture improving data protection and privacy practices across sectors. Reduced City operating costs and greater regional data transparency increasing service and product innovation and sales is expected to result. With common cloud architecture guidelines ensuring smart community privacy, security and data rights are considered by design, many innovations are emerging. The economic benefits from new personal data revenue streams, new products, jobs, economic growth, exports will contribute to growth of regional tax bases and positively serve energy, health, safety, and environmental objectives including:
- Improving safety and quality of lives
- Community acceptance will be replicated across the United States and adapted in other nations.
At the GCTC Expo in July 2019:
- City of Syracuse
- A Proof of Concept for smart city architectural readiness self-evaluation will be demonstrated by WiTec (Syracuse University) and Adaptable Security.
- An illustration of how the City of Syracuse is working with the community and the Action Cluster to refine the privacy, security and rights-inclusive by design smart city cloud architecture for the Syracuse SURGE program, and County-wide, will be presented.
- A Pop-Up community network for Smart City officials use in the event of an emergency, or when in a restricted network access location or dead zone environment. will be simulated. How a NIST and Open Specifications Model 0.5 -compliant Internet Backpack for assured communication on demand always can radically reduce the time to restore communication and more flexibly align emergency services with First Responders and the community, will be shown live.
- A Smart City Data Rights Demonstration will show people claiming rights to their own health data, in conformance also with the Architecture and the Model.
- The Guidelines for Smart City Cloud privacy security and rights-inclusive Architecture will be announced, discussed, and disseminated at the GCTC Expo and Executive Leadership Forum, July 2019, in cooperation with release of the GCTC Cybersecurity and Privacy Advisory Committee (CPAC) Guidebook.
- Los Angeles Unified School District consideration of if and how lessons learned in Syracuse may be potentially applied or adapted has begun; future demonstrations are TBD.