Defining the security architecture for a smart city project is a most complex task, as security leaders need to acquire specialised skills to deal with the challenge, says David Dufour, head of security architecture at Webroot.
CISOs are gaining prominence for their work in Internet of Things and smart city projects. But they often need to get involved from the outside, he says in an interview with Information Security Media Group at the 2016 RSA Conference Asia Pacific & Japan in Singapore.
"Why I say they need to get involved from the outside is because CISOs do not have control over security budgets or resources that a smart city project demands," he says.
In a smart city project, the first goal is not security and technical capabilities, but how much a CISO is empowered to influence the people and teams around them to take a systematic approach to defining the framework, Dufour says.
While technical capabilities are important, what it takes to define a successful secure framework revolves around how much a CISO is empowered to leverage his technical expertise.
"However, that doesn't undermine the role of security in the entire project, given that the cybersecurity challenges in the smart city environment are rising alarmingly," Dufour observes.
He argues that smart cities demand CISO intervention in identifying, containing and preventing threats and securing every endpoint in the network.
"Defining a realistic security architecture expects CISOs to move the security focus off the endpoint into the network, use device ID to develop solutions that create dynamic sensors in the network and focus on resource capable endpoints," he says.
It is all about collaboration, Dufour says, adding, "CISOs need to work closely with vendors, universities and other functions from their organizations to develop ecosystem machine models for protecting the unique aspects of each network."
In this interview, he offers insights on:
Applying threat intelligence in identifying device threats;
Breaking the kill chain in securing all endpoints with layered security;
A collaborative approach to effective security defences.

At Webroot, Dufour is involved in designing automated threat detection and remediation solutions with top-tier software and hardware manufacturers. His nearly 30 years of experience in software engineering has led to the creation of several predictive threat algorithms and the development of new techniques for mapping threat landscapes to identify bad actors.