Kaspersky has signed an information security cooperation agreement with the Orenburg regional government, which includes implementation of the Smart City project. The Smart City project for the digitalization of the urban economy is being carried out by the Ministry of Construction, Housing and Utilities of the Russian Federation within the framework of two national projects: Housing and Urban Environment, and Digital Economy. The Smart City project is aimed at making Russian cities more competitive by creating an effective urban management system combined with safe and comfortable living conditions for residents.
The goal of the project in Orenburg is to build a housing control system with a cloud console for urban management.
The housing control system will handle a number of tasks:
To develop the solution, the Department of Information Technologies (DIT) of the Orenburg region identified three facilities with different social purposes:
Installation work was carried out at each facility to implement the internet of things (IoT) concept, in particular the installation of a multi-level system comprising sensors, controllers, and the means to transmit and visualize collected data.
Data related to the following parameters is collected at each facility:
These parameters are displayed on the operator dashboards of the housing control system with cloud console.
The housing control system with cloud console displays the values of all the indicators received from sensors installed at each facility. It also displays deviations from acceptable values and notifies the operator accordingly. Continuous control and monitoring of the facilities is carried out from the operator’s personal account. This ensures the fastest possible response in an emergency.
Kaspersky conducted a series of studies, drew up a list of threats specific to IoT solutions, and built a threat model. Because the housing control system with cloud console is an IoT solution, the threat model is applicable to this project.
Taking into account all the identified threats, Kaspersky has developed a specific approach to IoT security. This solution protects all levels of the IoT architecture.
At the cloud level, protection is provided by Kaspersky Hybrid Cloud Security. This protection tool allows the following:
The data channel from the controller (PLC) to the cloud is protected by Kaspersky IoT Secure Gateway. This gateway is a joint project between Advantech, which developed the hardware platform, and Kaspersky, which developed the secure operating system KasperskyOS. At the heart of the OS is a microkernel that permits only a specific, predefined way of communicating between all system components; as a result, the OS remains resistant to any vulnerabilities and errors in the code. The Advantech UTX-3117 gateway model was chosen as the hardware platform.
Kaspersky IoT Secure Gateway is able to detect and classify all devices in the network. The gateway also has firewall and IDS/IPS functionality. It provides the means to receive, scan, and distribute sensor messages received via the MQTT protocol.
A web GUI was developed for Kaspersky IoT Secure Gateway to view reports on security events logged in the system and network (push and syslog).
A controller developed by Information Systems and Strategies with KasperskyOS preinstalled was used as the PLC. This solution employs the SEM Pro 5 universal controller model (environmental management system). This controller provides monitoring and control of engineering infrastructure. It collects and transfers data from engineering systems to the cloud system, and performs local control tasks. This controller model is EAC certified. The preinstalled operating system KasperskyOS validates data, guards against spoofing, ensures safe downloading of firmware updates, and protects certificates and controller policies.
Below is a schematic of the solution implemented at facilities within the scope of the Smart City project in Orenburg.
The list of sensors to be monitored was specified for each facility. The bulk of sensors transmit data via the Modbus RTU protocol with an RS-485 interface. Some of the sensors installed in the residential complex, in particular those for hot/cold water supply, transmit data via the LoRa wireless protocol. Data from the access control system (ACS) sensors is transmitted to the controller through a digital input/output (DI/DO) module.
After the data is collected by the controller, Kaspersky IoT Secure Gateway provides secure data transfer to the InSpark cloud over a GSM channel.
Kaspersky IoT Secure Gateway is managed through Kaspersky Security Center. Kaspersky Security Center provides simple and convenient security administration for all gateways in the network.
Kaspersky together with its partners developed a solution that protects all levels of IoT architecture. The solution is suitable for use in other projects where IoT protection is required.
Implementation of the Smart City concept makes the urban environment more comfortable and optimizes the use of resources. The solution improves the energy performance of facilities, reduces energy costs, and minimizes the risk of emergency situations.