Bhubaneswar, Aug. 14: The boom in Internet connectivity and accessibility to smartphones has brought the world closer, but also left users susceptible to cyber attacks.
The recent WannaCry ransomware attack that infected computers across the globe holding user data to ransom a few months ago exposed the loopholes in cyber security.
Now, Bhubaneswar Smart City Limited, the civic body's special purpose vehicle for the ambitious smart city project, is planning to bring in a dynamic cyber security model for upcoming web applications in an attempt to protect its IT infrastructure from third-party attacks in the form of malware or virus.
The looming threat of malware made the authorities look into the need to frame a stringent and progressive cyber security model since, under the smart city mission, the city will introduce a number of web and smartphone-based applications to ease service delivery process.
Sources said the ministry of urban development has already asked respective smart city officials to frame security models in line with the one notified by the Union Ministry of Electronics and Information Technology.
Accordingly, local officials will follow the guidelines.
According to the guideline, the officials should introduce a mechanism for automatic and secure updates of software and firmware. It also makes it mandatory for all system and devices to provide auditing and logging capabilities, ensure vendor compliance to remove any backdoors, undocumented and end-to-end encryption.
"There are four generic layers in a specific cyber infrastructure - a sensing layer, communication layer, data layer and an application layer. These four layers should be protected with adequate programming," said Udya Sahoo, a city-based IT engineer.
"This system in the smart city need to be open, interoperable (able to exchange and make use of information) and scalable (able to be changed in size or scale)," he said.
A smart city official said there were plans to introduce a smart solution under which there would be various mobile and web-based applications.
"With more and more online services comes the threat of virus and hackers. There is a need to save the applications as well as the immense data stored online," said the official, adding that the cyber security model was a must to ensure seamless service.
Another important point in the ministry's guideline maintains that the message exchange between various applications in smart city should be fully encrypted and authenticated. Besides, any application outside the data centre should talk to the applications hosted in the data centre only through predefined internet protocol (IP) addresses.
"It is necessary to converge multiple infrastructure into one central platform for ease of management," said another smart city official.
"In such a condition, it is mandatory that such applications hosted in the central data centre support multi-tenancy with adequate authentication and role-based access control mechanism," the official said.
Another city-based IT engineer, Suramya Mishra, said May's WannaCry attack showed how many hackers wait in the wings to take advantage of any loopholes.
"The upcoming applications under smart city would have many important and critical data, which need to be protected. We should not give anyone the chance to misuse our data," he said.
