Municipal governments nationwide increasingly rely on complex and highly integrated technology solutions for their municipal infrastructure. Protecting these systems from cybersecurity threats is vital to the smooth running of cities and the well-being of citizens. To secure key technologies and modernize critical systems and infrastructure, the City of Trois-Rivières entrusted CGI to develop a digital governance framework and roadmap aligned with the city's security needs and long-term development strategy.
Context: Improving security and the quality of municipal services
To upgrade municipal services and improve citizens' day-to-day life, the City of Trois-Rivieres wanted to modernize and secure its information technology (IT) and operational technology (OT) infrastructure. CGI worked with the municipal government to develop a detailed strategic roadmap and governance framework that, over a three-year period, will help the city ameliorate security and technology systems and also improve cooperation within their organization. The CGI team worked on critical elements of the city's infrastructure and urban technology. These included:
• Traffic and public transportation smart management.
• Water and waste management.
• Heating, ventilation, and air conditioning (HVAC); lighting and power; building energy management systems.
Challenge: Integrating IT and OT and ensuring cybersecurity
In the past, OT systems used to manage critical infrastructure, like water and waste management, operated in an IT environment separate from a municipal government's other technologies. In many instances, OT systems were not even exposed to the Internet. Because of improved digitalization and the need for real-time data to manage vital infrastructure, IT and OT environments have become increasingly integrated. Along with the benefits of improved citizen services, savings in operational costs, and the insights sophisticated tools and data can provide decision-makers, IT and OT integrations also bring increased digital risks. Lapses in cybersecurity can pose a significant danger, compromising not only personal data but also safety of citizens, causing havoc to vital systems, and rendering municipal governments hostage to malicious actors.
Solution: How CGI helped the City of Trois-Rivieres
We conducted a thorough analysis of municipal systems and infrastructure, looking at previous incidents and future risks associated with a cyber threat. Following an assessment of the municipality's cybersecurity maturity, we drew up a three-year action plan with a list of priority projects. With experience in IT and OT security, our overarching concern was securing the confidentiality, integrity and availability (CIA) of IT data and ensuring the safety, reliability and productivity (SRP) of vital operational systems.
We took an innovative step based on the NIST framework and CMMI score. We integrated multiple industry IT and OT standards into a single framework the municipality could use to implement and secure new and existing systems. With the different kinds of security risks involved, integrating IT and OT maturity assessments into a single offering was a unique approach. The new security governance framework included ISO/IEC 27001, an international standard for information security management; IEC 62443, a cybersecurity standard for industry; and NIST 800-82, a global standard for industrial control systems security.
As a city organization, we have many legacy systems that were not previously exposed to the internet. However, with the integration of IT and OT systems, including water and wastewater management, smart traffic management, and others, the cybersecurity threat has significantly increased. This poses a potential risk not only to critical infrastructure but also to the safety and well-being of the citizens in our community. Working with CGI, we have been able to develop a roadmap and framework for the city to significantly improve security, technology systems, and cooperation within the organization.
IT Cybersecurity expert - city of Trois-Rivières
Value delivered: Accelerate technology safely and on budget
The CGI plan aligned with the City of Trois Rivières' need for an in-depth assessment of the existing IT and OT environment. It also provided city management with a governance framework and strategic roadmap on how to move forward – a clear and simple plan for improving cybersecurity that considered the people, processes and technologies, as well as the financial costs.
Our local team also took advantage of CGI’s extensive global network of experts. We consulted with colleagues from CGI in the Netherlands involved in developing OT cybersecurity solutions for major German car manufacturers. The Netherlands team helped with the OT cybersecurity components of the municipality’s security strategy and governance framework. For the decision-makers at the City of Trois-Rivières, the cybersecurity assessment and roadmap are critical to making considered and cost-effective choices as they move forward. We are proud of the work done and looking forward to an ongoing partnership implementing the road map with the municipality.
• We created an integrated security governance framework for the municipality that included ISO/IEC 27001, an international standard for information security management; IEC 62443, a cybersecurity standard for industry; and NIST 800-82, a global standard for industrial control systems security.
• In addition to the security governance framework, we submitted a deployment plan for the Nozomy Network solution to monitor the municipality's OT security environment.
CGI’s cybersecurity services can help municipal governments and organizations manage their security needs, from governance and data compliance to critical control systems and malicious actors. Our local, dedicated teams are backed by strong global capabilities that help our clients transform and secure systems and accelerate results.