Today, CISA, FBI, NSA, along with several other government agencies from countries such as the UK, Canada, Australia, and New Zealand, released a joint guide titled “Cybersecurity Best Practices for Smart Cities.” These concise cybersecurity best practices are worth reviewing by any organization’s Security and IT departments.
The following is a quick summary of these recommendations from the Secure Planning and Design section of the guide:
– Apply the principle of least privilege: each entity shall granted the minimum system resources and authorizations that the entity needs to perform its function.
– Enforce multifactor authentication: organizations should explicitly require MFA where users perform privileged actions or access important.
– Implement zero trust architecture: secure network environment that requires authentication and authorization for each new connection.
– Manage changes to internal architecture risks: maintain awareness of evolving network architecture and the personnel accountable for the security.
– Securely manage smart city assets: physical and logical security controls to protect sensors and monitors against manipulation, theft, other threats.
– Improve security of vulnerable devices: implement secure access to devices lacking built-in protections (such over VPN only).
– Protect internet-facing services: prioritize defensive efforts for these services before anything else.
– Patch systems and applications in a timely manner: enable automatic patching processes for all software and hardware devices.
– Review the legal, security, and privacy risks associated with deployments: continuously evaluate and manage the legal and privacy risks associated with deployed solutions.
About Action1
Action1 provides a risk-based patch management solution for distributed work-from-anywhere organizations. Action1 helps to discover, prioritize, and remediate vulnerabilities in a single solution to prevent security breaches and ransomware attacks. It automates patching of third-party applications, patching of operating systems, drivers, and firmware, ensuring continuous patch compliance and remediation of security vulnerabilities before they are exploited.