Using disaster-recovery-as-a-service (DRaaS) for smart distributed data. Credit: Thinkstock Crisis planning is integral to many cities across the planet and we see it in use when natural disasters strike. When the magnitude 9 earthquake hit Japan in 2011, previous disaster planning kicked in. But the response has been criticized because of the predictive limitations that informed the disaster recovery attempts. Other criticisms highlighted too much emphasis on using ‘hazard maps’ which were inaccurate. If our starting points are off point, then our disaster recovery will also be lacking.In our smart cities, which are intrinsically dependent on data, disaster recovery has to include data as a critical infrastructure in its own right or as my previous article outlined—the data superstructure.Controlling catastropheWe are never going to stop catastrophic events, be they natural or human-made. So, all we can do is be well-prepared for them.In a smart city, our very infrastructure is dependent on the data generated by citizens and our daily lives. For example, smart water is a critical infrastructure that needs lots of data to improve our city living. Smart water needs to analyze water flow, distribution, use metrics and pressure. It is also intrinsically linked to weather and perhaps other, more behavioral-based data. Smart cities need to provide clean, always available, water to many millions of city dwellers. Critical infrastructures, like smart water, are also likely to be a sweet target for hackers. We have already seen the ‘testing of the waters’ in energy CIs like the attack on Ukraine’s energy grid by the CrashOverride malware. Or the unnamed water treatment plant where hackers adjusted the chemical mix used to treat tap water.Our critical infrastructures are under serious threat from cyberattacks and according to the World Energy Council are now amongst the top concerns of energy companies in North America and Europe. Having disaster recovery and planning in place is all part of creating a smart city. But modeling it so it is as accurate as possible, is part of the planning process. We have already built up a knowledge-base of information on our weak points. And, there is a lot of research on where the likely attack points in smart city critical infrastructure attacks will occur. Utilizing these will help towards more effective control, post-catastrophe.Smart disaster recovery in the smart city—extended PEN testing?Smart cities are built on big data analytics—much of which is cloud-based. These data have to be not only managed and organized well but protected too. These data run the city. They will ultimately be behind water clean enough to drink, heating to keep us warm in winter, and roads that are not continuously grid-locked.The cogs and wheels behind the smart city will be cloud-based data and having a disaster recovery plan in place for these data is crucial to keeping the city running smoothly. Disaster-Recovery-as-a-Service (DRaaS) is a new era way to manage cloud data. In a useful article by Disaster Recovery specialists NetApp, they set out the main criteria for smart disaster recovery using a service model such as Azure Site Recovery (ASR)—it is analogous to having an umbrella over your data superstructure.One of the key steps is preparation and planning. But to plan accurately, you need to have an understanding of the infrastructure and model behind it. I believe that as part of this planning stage, a new extended version of traditional Penetration testing needs to be developed that can follow the data across its use in a smart city context to take into account both natural and human-made disasters. This data lifecycle testing should be able to incorporate both security and privacy checks.We should take heed of the mistakes we have already made when a disaster occurs. Having an accurate way of modeling a disaster and its aftermath will help us to a better laid out disaster recovery plan. As our smart cities begin to mature and take root, we need to lay down the expectations for managing the city when disaster strikes.Having a mental map of the data driving the city will go a long way towards having an accurate plan to recover critical infrastructures, if and when, these data are compromised. We are already experiencing the touch of cybercrime on critical infrastructures as they become ever more Internet-connected. We need to put full effort into the disaster recovery plans of smart cities now or sit back and watch the cybercriminals take us hostage. Related content feature 4 authentication use cases: Which protocol to use? Choosing the wrong authentication protocol could undermine security and limit future expansion. These are the recommended protocols for common use cases. By Susan Morrow Dec 05, 2019 6 mins Authentication Identity Management Solutions Security opinion Deepfakes and synthetic identity: More reasons to worry about identity theft How can we maintain control over digital identity In a world where it is being blurred and abused by fraudsters? By Susan Morrow Oct 02, 2019 6 mins Authentication Fraud Identity Management Solutions opinion Is the digital identity layer missing or just misplaced? The orchestration of existing services and data could provide a digital identity layer that gives the internet a common way to handle identity for all consumers. By Susan Morrow Jun 28, 2019 6 mins Authentication Identity Management Solutions Security opinion Can the re-use of identity data be a silver bullet for industry? The ability to re-use identity data for individuals across different systems would greatly simplify authentication. Here's what it would take to make it happen. By Susan Morrow May 24, 2019 6 mins Authentication Identity Management Solutions Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe