You can see many communities in Canada engaging in “smart community” or “smart city” initiatives – using technology to manage a city’s assets and deliver digital services to its citizens.
One leading example of this is Kitchener, Ontario. This year council approved the award winning #DigitalKitchener strategy; Kitchener will start to build the foundation of a smart city through initiatives and partnerships that support sustainable, innovative infrastructure. We met with Steve Asmundson, Supervisor of Network Systems at the City of Kitchener, which is a D-Zone Anycast DNS and D-Zone Firewall customer. Steve’s team is responsible for the city’s servers, storage, application systems, network (including mobile) infrastructure, and data security. We talked to him about how his team supports some of the city’s strategies.
What are some of the core strategies you are looking to support?
This year council approved the #DigitalKitchener strategy, which is both an internal IT strategy but also deals with the public-facing technology services that the city provides.
In addition to traditional network management it includes some interesting projects. For example, we are in the process of updating streetlights with more energy efficient LED lights. While we are already touching the lights, we are also rolling out a narrow band mesh network using the streetlight infrastructure. This will allow us to deploy any number of IoT services more cost effectively. Applications can range from managing the lights, traffic monitoring, water and gas meter data collection, smart parking, garbage bin level measurement, and more. There is a whole world of opportunity. As more and more city services go online, or have an online component to their delivery, the network becomes increasingly important…and complex.
The possibilities that IoT present to communities are amazing, but what is the role of the network in more traditional municipal activities?
I have two good examples of this.
Part of our #DigitalKitchener strategy revolves around public inclusion. We are rolling out public Wi-Fi at strategic locations like parks and public facilities throughout the city – it’s a great news story that is part of the Canada 150 celebration funding. This infrastructure and service needs to be consistently available, secured and managed.
This year we also made tax and utility billing available online and these types of applications need to be both secure and highly available. It is one thing to have a website outage that impacts basic informational pages but when people rely on a service, that service must be there when they need it. In relation to CIRA, it is one of the reasons we chose your Anycast DNS service to help ensure that this critical application was adequately protected.
Speaking of security, how do you approach your security architecture?
We take a considered approach towards security. For the standard pieces like anti-malware or firewalls we look to recognized leading solutions. We are finding success with a defence-in-depth approach to supplement those big pieces already in place, which lets us look at new or innovative solutions. For example, we added the D-Zone Firewall, which works beautifully with our existing solutions. The endpoint protection on our client systems protects against command and control, as does our edge firewall, and now we have a solution that handles it at another layer still. The D-Zone Firewall has caught several Command and Control instances either before the other systems became involved, or that the others missed! This layered security greatly reduces our risk and actually helps improve our productivity because we get fewer and fewer alerts and problems from end clients. This also saves us time because our team doesn’t have to spend nearly as much time dealing with infected machines.
Security awareness is another important function that we’re developing. Training is a requirement of PCI compliance for those accepting payment information. We're looking for ways to use the tools at hand to help improve security awareness for all staff. For instance, our email gateway blocks known issues and we can get reports on missed instances. We can now see if a user has received a bad email and clicked on the link and know that this situation was a potential risk today and in the future. We can then proactively reach out to help educate the user and make them aware of issues with an immediate feedback loop.
We have found it helps users to also think security-first at home. By giving us a chance to talk about the potential personal risks and costs of a breach, users better grasp the issues. We are considering rolling out some form of IT security training to the rest of the organization.
Have you had any critical breaches?
Over the past couple years we have had a few recoverable issues make it through our protection systems. For example, one was a zero-day virus that had no signature and we worked with our antivirus vendor to push out an update for it. In all instances, backup was there when we needed it and we were able to restore services. We were also able to track the incidents back to a source. Notably, after any incident, we go through a “lessons learned” process to help plan for mitigating similar risks in the future. We can’t cut off the Internet and so security requires constant vigilance and cost-appropriate protection and backups.
Because of the important role that municipal governments have in building a better online Canada, we will continue to profile some of their interesting initiatives and how CIRA is helping with security, online presence, Internet testing, and more.