A holistic approach to risk, resilience and security

Xavier Mongin

November 29, 2023

A risk, resilience, security framework focused on citizens, operations, smart buildings and processes address today’s risks.

It’s not an overstatement to say that today’s governments and cities are under siege. As cyber and physical risks escalate, in both number and severity, there has never been a more urgent need for a holistic approach to address impending attacks.

Reducing risk and improving resiliency and security will require attention to citizen safety, reliable operations, and secure, smart buildings, as well as a framework that addresses processes, best practices and solutions.

Tackling the triad

A secure and resilient network is key to addressing the cyber and physical risks that can impact citizens, operations and buildings.

Citizen safety is paramount. Today’s networks must be able to support video surveillance for critical applications; ensuring no loss of data at any time, contextual information, mass notifications, and event applications like contact tracing for lone workers.

Reliable operations to ensure mission-critical communications as well as support for IoT and cyber and physical security technologies, will require networks that include:

• Hardened source code and software on network switches

• Macro- and micro-segmentation for a zero trust environment

• Autonomous operations to reduce human error

• Ruggedised equipment for harsh conditions

• On premises, public and private cloud deployment options

Smart buildings that provide secure workspaces require a multiservice wired and wireless network that can protect against risks and maintain service availability. Additionally, support for advanced video surveillance, IoT onboarding and management to securely converge OT and IT systems and automation capabilities to operate 24/7 while reducing the risk of human error are essential.

A framework to improve security and resilience

Key to improving resilience and security is understanding the risk situation. The following four steps can help you identify your risk profile and choose the right network and communications solutions to address your specific situation.

1. Evaluate: An audit is a good place to start to assess your cyber and physical risks, areas of exposure and potential consequence. This information can help you identify options to prevent, protect and react to attacks. And because the threat landscape is continually changing you will need to regularly reassess for new vulnerabilities.

2. Prevent: From a cyber perspective, solutions should take security into account during each step of product definition, development and delivery, and contribute to a zero trust architecture. From a physical perspective, video surveillance, access control, asset tracking, intrusion detection and alarms, location-based services and facial recognition solutions fit the bill.

3. Protect: On the cyber side, solutions must meet security standards, include native encryption capabilities and advanced authentication mechanisms, and limit propagation of cyberattacks and viruses. To increase physical protection, communications, alerts and notifications as well as solutions to protect workers in isolated locations are essential.

4. React: Cyber solutions should be supported by a Product Security Incident Response Team (PSIRT), provide an audit trail and recovery procedures, and support data restoration. Physical solutions must support command and control (C2) operations and mission-critical communications.

It’s clear that each city and government is unique, with a specific risk profile, mandate and budget. As your technology partner, we can help you navigate your journey to a safer, more secure and resilient environment and support the strategy that’s right for your government or city organisation. The ALE Risk, Resilience and Security (RRS) framework provides a holistic approach to identify your risks, provide solutions to address cyber and physical security issues and manage any budget concerns with flexible options.

Check out our whitepaper to learn how ALE is helping governments and cities address, risk, resilience and security to ensure critical services and citizen safety.