Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cyber Summit 2016: Issues and Challenges Facing Municipalities In Securing Data


Published on

The City of Calgary is responsible for providing municipal services to 1.1 million people and 16,000 employees with more than 700 sites and critical infrastructure units. The municipal services represent a $60B asset base including water and wastewater treatment plants, light rapid transit, emergency services, roads and recreation facilities, and has revenue and procurement streams of $4.0B annually. During his tenure, Owen Key, Chief Security Officer and the Chief Information Officer for the City, has implemented enterprise systems for CCTV, access and ID control, physical security information management systems, and has responsibility for information security.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Cyber Summit 2016: Issues and Challenges Facing Municipalities In Securing Data

  1. 1. Issues and Challenges Facing Municipalities in Data Security Owen Key Chief Security Officer City of Calgary
  2. 2. Oct 27, 2016 Cyber Summit 2016 2 City of Calgary - Corporate Security Protection of assets Assist other City of Calgary Business Units in providing public safety initiatives Promote organizational resilience through collaborative partnerships which enable and enhance services provided by The City Approach is to develop and implement innovative approaches in all areas of security and risk management.
  3. 3. Oct 27, 2016 Cyber Summit 2016 3 Corporate Security Physical Security Technical Operations Information Security Security Advisory Investigations
  4. 4. §  City of Calgary has over 500 lines of business and provides services that range from recreation to transit to police §  Complex environment with numerous touch points, integration with business partners and third party or arms length organizations §  All services are dependant on IT infrastructure being highly available §  Duty to safeguard critical infrastructure to ensure City services continue Oct 27, 2016 Cyber Summit 2016 4 City at a Glance
  6. 6. Integration Oct 27, 2016 Cyber Summit 2016 6
  7. 7. Oct 27, 2016 Cyber Summit 2016 7 •  Speed and rate of data creation is increasing rapidlyData Velocity •  City has multiple discreet data sets in both structured and unstructured storage Data Variety •  Volume of information is explodingData Volume
  8. 8. Risk Based Approach to Security 11/1/16 Presentation 8 Risk Evaluation Risk Response Risk Governance
  9. 9. Moving Forward – Laying the Foundations 20/09/2016 Data Breaches: Causes, Prevention and Containment 9 Building up the physical and operational security showed the value of investing in security Next layer was to build a fully integrated security program which included cyber and information security
  10. 10. Implementation – Driving Factors 11/1/16 Presentation 10 Increasingly mobile workforce Increasing security awareness in key decision makers Lack of visibility into our systems Risk Based approach to business comes into play Increasingly interconnected Increasing public awareness of Cyber incidents Increase in Cyber incidents Calgary experiences large natural Disaster Internal Factors External Factors Need for Cyber Security Program
  11. 11. Security through Design Oct 27, 2016 Cyber Summit 2016 11 §  Increased investment in information security tools have provided additional layers of defense to reduce risk §  Building security into project design and ensuring safe integration is key to protect data and infrastructure §  Investment in enterprise solutions to provide additional alerting, reporting and security protection
  12. 12. Connected Devices Oct 27, 2016 Cyber Summit 2016 12
  13. 13. City of Calgary - CCTV at a Glance Oct 27, 2016 Cyber Summit 2016 13 Ø  The City of Calgary through Corporate Security, Calgary Transit, Roads and Calgary Parking Authority has deployed approximately 3,000 cameras. Ø  Cameras are deployed based on what’s required to ensure the safety and security of the public, employees, information, sites and assets. Ø  Regular risk assessments and security audits are completed on all existing and new City of Calgary facilities
  14. 14. Oct 27, 2016 Cyber Summit 2016 14 CS Secure Storage Analytics Calgary Data City Network Infrastructure Corporate Security CCTV Network DATA EXCHANGE RECORDED VIDEO City Business Units LIVE VIDEO DATA EXCHANGE
  15. 15. Camera’s as a Sensor Oct 27, 2016 Cyber Summit 2016 15 §  Cameras are primarily used by The City as a sensor. They collect video images and meta data which can be used to enhance the ability of the recipient to provide effective assessment and response. §  The use of a single or limited number of devices to capture varying data streams useful to more than one user §  Sensors as a Service and Common Mode Cameras together allow for ability to tie in additional data capture points.
  16. 16. Freedom of Information Oct 27, 2016 Cyber Summit 2016 16 Ø  “Personal Information” is defined in section 1(n) of the FOIP Act as recorded information about an identifiable individual, including: the individual’s race, colour, national or ethnic origin; the individual’s age or sex; the individual’s inheritable characteristics; information about an individual’s physical or mental disability; and any other identifiable characteristics listed in that section. Ø  “Surveillance System” refers to a mechanical or electronic system or device that enables continuous or periodic video recording, observing or monitoring of personal information about individuals in open, public spaces (including streets, highways, parks), public buildings (including provincial and local government buildings, libraries, health care facilities, public housing and educational institutions) or public transportation, including school and municipal transit buses or other similar vehicles.
  17. 17. §  Authority to use CCTV is granted under S. 33 of the Freedom of Information and Protection of Privacy Act §  Careful consideration is always given to balance both the privacy of individuals and ensure personal and public safety §  Corporate Security continue to meet the requirements for collecting video under the Freedom of Information & Protection of Privacy Act. This includes, providing a business case for gathering video, alerting citizens that they are being recorded and protecting the video. Oct 27, 2016 Cyber Summit 2016 17 Authority to Collect
  18. 18. Monitoring Oct 27, 2016 Cyber Summit 2016 18 §  Corporate Security utilizes an enterprise video management system to monitor cameras from its Integrated Security Centre. §  System provides efficiencies and effectiveness in monitoring and response. §  Reduces the number of ad-hoc standalone systems that require manual and onsite review. §  In order to remotely monitor cameras via the network, streaming is performed at a lower frame rate and definition than what is recorded at the edge level.
  19. 19. Security of Data Oct 27, 2016 Cyber Summit 2016 19 §  City of Calgary Corporate Security employees are the only persons to have administrative rights to the DVRs and NVRs and are responsible for providing DVDs (read only media and watermarked) to the Law Department or Calgary Police Service as directed. §  Information is stored at the location of the NVR and is under lock and key. §  Information is only collected if movement is detected within the area (incident based). §  Audit Logs
  20. 20. Storage and Retention of Video Oct 27, 2016 Cyber Summit 2016 20 §  Data retention policies are crucial for managing the increase in storage cost/ Requirements. §  City retention policy for all video is 14 days or 31 days §  Storage surplus required for proper function and allowance for “protecting” video for investigative purposes (25% or more is ideal). §  Most City of Calgary sites use distributed, edge level recording 1.  Bandwidth – The required bandwidth for recording high quality imagery either exceeds the limitations of the network in remote locations or seriously affects quality of service for users at the remote site. 2.  Autonomy– In the event of failure of the network, edge level recorders continue to record.
  21. 21. Oct 27, 2016 Cyber Summit 2016 21 Calgary Recreation (Facility Security) Roads Department (Traffic Monitoring) Calgary Parking Authority (parking usage) Calgary Transit (BRT, bus performance) Calgary Police Service (LPR, incident investigation) Water (flood, water level monitoring) Internal Clients External Clients Roads Department (Traffic Monitoring) University of Calgary (Utilizes traffic data for research projects)
  22. 22. Data aggregation and correlation Oct 27, 2016 Cyber Summit 2016 22 Sensor Data •  Water Sensors •  CCTV •  Traffic sensors •  Access control •  Public/ smart lighting •  WiFi •  Geolocation data •  Traffic control/ intersection camera feeds Service Based Data •  Transactional Data (PoS) •  Registration/ facility use •  Land use •  Tax Information •  Permit and Development •  Parking
  23. 23. Striking the Balance 11/1/16 Presentation 23 Openness Protection Secure personal and critical data Large public facing presence Must Remain Operational Accessible Information Routine Disclosure Obligations Open Data Initiatives
  24. 24. Oct 27, 2016 Presentation 24 Security Privacy
  25. 25. Oct 27, 2016 Cyber Summit 2016 25 Questions