The information security strategy of Bogor’s smart city to deal with threat in cyber space

The increasing quality and quantity of cyber-attacks and the demand for the information security revolution are also followed by the threat in developing Smart City of Bogor. In assuring these problems, it is crucial for the City Government of Bogor to develop and information security strategy which is capable to protect public privacy data and critical information of Smart City Bogor. The research was conducted with a qualitative method by using a grounded theory approach at the critical infrastructure of Smart City Bogor, which is the Department of Transportation, Department of Health, Department of Fire Rescue and Department of Communication and Information. The result showed that the information security as a core strategy which only created by the readiness of the legal ware as a causal factor in forming the knowledge and information security awareness in the preparation of priority program and development of the command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) systems of Smart City Bogor which became the basis of the formulation of Smart City Bogor’s information security theory.


Introduction
In Indonesia, the development of districts and cities as smart cities are based on the concept of the Ministry of National Development Planning (Bappenas), which is the City of the Future of Indonesia: Sustainable and Competitive Cities, that is expected to be realized in 2045. The concept of Indonesia's smart cities in the future is supported by the three pillars of sustainable and competitive cities, namely safe and comfortable decent cities, green cities that have conservation and slavery resilience, and smart cities that are competitive and technology-based using applications that use 6 (six) main dimensions of smart cities namely smart governance , smart society, smart economy, smart environment, smart life and smart mobility in the daily life of city residents supported by the latest information and communication technology that is expected to be one of the efforts to solve various urban problems that are getting increased with growth of Indonesian residents who live in urban areas. Furthermore, based on data from the Central Statistics Agency (BPS), the Ministry of National Development Planning (PPN) / National Development Planning Agency (Bappenas) estimated that in 2045 as many as 82.37% of Indonesia's population will live in urban areas [1].
This can have a direct impact on the level of security and well-being of the urban population which ultimately affects Indonesia's national security as a whole, especially in aspects relating to public security and human security.
Flowing from this explanation, it can be understood that the use of information and communication technology in the development of smart cities is carried out in a system that has interoperability IOP Publishing doi:10.1088/1757-899X/1073/1/012054 2 capabilities in which all functions of government systems and public services are integrated together through a system mechanism capable of monitoring (surveillance) in a comprehensive and real time manner. The various activities of the city and its citizens are able to be recognized (reconnaissance) and provide awareness of the situation of the various activities through the city control center (control) which is then intelligently communicated (communications) in a network system (computers) that are mutually integrated with various authorized institutions to do the actions deemed necessary quickly and precisely (command). The system mechanism that is able to assist smart city governments in making decisions based on comprehensive and real time situation awareness as stated, is actually a decision support system based on the framework of the Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) which has been used by the United States Department of Defense and has been adapted at the federal, departmental and bureau level within the United States Government [2].
The Development of smart cities by utilizeing a decision guide system based on the C4ISR System is currently being developed by Bogor City which is also on of the cities that develops the concept of smart cities in Indonesia for the sake of improving government performance maximally, quickly and accurately in serving public services according to the needs of the residence as well as for the safe, prosperous and sustainable city development. Through the development and management of the city which is supported by the use of information and communcation technology that is packgaed in a decision guide system based on the C4ISR system framework, the Bogor City has succeeded in increasing effetiveness and efficiency in the implementation of government functions and public services which are expected to help improving the quality of life of Bogor City residents. This is proved by the leadership of the Mayor of Bogor City, Bima Arya, who successfully received the Gatra 2019 award for the category of Infrastructure "Smart City -Development Innovation". The award was given by the President Director of Gatra at IPB International Convention Center, 1st December 2019 [3].
In addition, the concept of a smart city that is dynamic and focuses on innovation, solutions and optimal use of human resources and technological resources is an inevitable choice for the development of the city of Bogor. The e-Government Movement in Bogor City, which began to emerge from 2007 and experienced a boom in 2015, became an embryo in the planning of the construction of the Smart City of Bogor City. Therefore, the work program of the Movement Towards 100 Smart City Indonesia is very relevant to the direction of the Bogor City development goals [4].
Based on the description above, the potential threats and challenges may come to the Bogor City Government in developing an information security strategy in cyberspace that is based on a complete information security architecture, starting from the stage of determining the priority programs of the city to the stage of preparing and developing the C4ISR system. It as outlined in the security policy information in cyberspace and actualized through operations and information security assessment in cyberspace. It is aimed to to realize the the goal of developing Bogor Smart City as a world-class city that is comfortable for all and is one of the non-military defense forces of the the Republic of Indonesia in facing the threat of asymmetric warfare of technological dimension. Based on these problems, the researcher is interested in being able to reveal more deeply in the hope of providing benefits in the form of contributing information security strategies in cyberspace which can be used as a reference in the development of the Bogor Smart City.

Research methods
This research was conducted using a qualitative research methodology through a systematic and fundamental grounded theory approach. Glasser and Strauss in Yusuf stated that grounded theory is a general methodology for developing theories through qualitative research conducted systematically and fundamentally. The theory is built based on data collected about a phenomenon that is the focus of research [5]. While Gunawan explained that the characteristics of qualitative research with a grounded theory approach were the comparison between data from various categories and the use of different samples to maximize their similarities and differences [6].

Data interpretation
Based on the results of the analysis conducted, there are several categories that are the findings of the research, namely information security as the main category, the rules (legal ware), knowledge, information security awareness, vulnerability of priority programs, weaknesses in preparation and also development of the C4ISR system, and translation of information security. The findings of the research are described as follows: 3.1.1. Information security (the main category). In the development of the Bogor as Smart City, information security in the form of public data and critical information of the Smart City Bogor has not been placed as an important aspect that must be placed as a short-term priority that must be immediately prepared by the Bogor City Government in developing its territory as a smart city. Utilization of information and communication technology in the preparation, development and integration of various information systems as one of the means and resources used to achieve these objectives has the potential to become a cyber-weapon that threatens public security and human security for citizens of Bogor City, especially those relating to public data security, critical information to the life safety of the citizens of the Bogor as Smart City. In addition, the preparation of steps that are not accurate and systematic that actually leads to wasteful use of the budget that has the potential to cause regional losses. Finally, the low quality of information security in cyberspace has the potential to become a barrier to the realization of the vision of creating Bogor as a city that is comfortable for all.

The rules (legal ware).
In the development of the Bogor Smart City, the absence of a set of rules (legal ware) regarding information system governance and information security governance both at the city government policy level and at the operational level of programs and activities in the regional apparatus organizations studied, has become a causal factor for vulnerability priority programs of the city and regional apparatus organizations. The weak levels of resource preparation and successful development of information systems in each of the regional apparatus organizations studied and the integration of the information systems within the framework of the C4ISR Smart City Bogor system and the inability of the Bogor City Government to translate information security in the development of the Bogor Smart City, both in the form of risk assessment and information security operational in the Bogor IOP Publishing doi:10.1088/1757-899X/1073/1/012054 4 Smart City. This is indicated by the lack of knowledge and information security awareness of the regional apparatus organizations under study due to the absence of rules as a guideline.

Knowledge.
In terms of knowledge about information system governance and information security governance, the state civil apparatus in the regional apparatus organizations studied, do not yet have full and accurate knowledge. The understanding is based on the explanations of the resource persons, among them stated by the resource person at the Bogor City Fire Department who stated that the shortage of personnel was lack of technological understanding so that when the continuity of knowledge did not go well. While the Department of Communication and Information Agency in general explained that currently the number of human resources who understand the Information-Technology in the Bogor City Government is very limited and failure in the development of information systems in several regional apparatus organizations, particularly those investigated, among others due to the limited human resources in the Bogor City Government who understand the technology of information.

Information security awareness.
Similar with the level of knowledge about information system governance and information security governance, awareness of the importance of information security in the development of the Bogor Smart City is very low. This understanding is also based on the explanation of the informants in the regional apparatus organizations studied. At the Transportation Office, it was stated that in terms of information security including the internet network, the Transportation Office had not yet focused on this matter and it was entirely left to the Communication and Information Agency. While at the Health Office, it was stated as a form of information security in the use of information technology in Bogor Home Care telemedicine services, the Health Service only think about how quickly patients are handled, not thinking about the security of that information. In addition, the Bogor City Fire Service stated that an information security analysis had not been carried out, bearing in mind that it was still new and its existence had been very beneficial for them.

Vulnerability of prior programs.
In the development of the Bogor Smart City, a priority program vulnerability analysis is carried out on priority programs at the city level as well as at the regional level organization, especially those that utilize information and communication technology. At the priority program at the city level as referred to is the Implementation Program of IT Governance and a Convenient City Program for All. Whereas at the level of the organization of the regional apparatus, especially the organization under study, the priority programs referred to are:  Bogor Traffic Program (One way system, Area Traffic Control System) by the City Transportation Agency  Bogor Home Care Program by the Bogor City Health Office.  Fire mapping and Regional Management Program by Bogor City Fire Service.

 One Data Program and Big Data Program by Bogor City Communication and Information
Agency.
Based on the analysis carried out on these priority programs, an understanding is obtained that all priority programs are not based on an information security analysis that takes into account aspects of confidentiality, integrity and availability which ultimately actually places the development of the Bogor Smart City put on a fragile foundation.
3.1.6. Preparation and development of information system. In preparing resources for the development of information systems in the Bogor Smart City, it was analyzed through 7 (seven) main resources in each of the regional apparatus organizations studied, namely:  Human resources  Software  Hardware The results of the analysis provide an understanding that except for the Bogor City Communication and Information Agency, the readiness of all regional apparatus organizations under study is limited as a system user and does not yet have a readiness as a manager especially as an information system developer. While the Bogor City Office of Communication and Information, although it already has the resources and ability to develop information systems independently, the lack of knowledge and information security awareness as a basis for developing information systems has caused the regional apparatus organizations not to have the readiness as intended. Furthermore, along with the weak level of resource readiness and the success of the development of information systems in the regional apparatus organizations, it has direct implications for the integration of the information system within the framework of the C4ISR system of Bogor Smart City. The results of observations at the Bogor Smart City War Room provide understanding that the percentage of integrated information systems in the smart city control center does not reach 10% of the overall regional apparatus organization in the Bogor City Government.

Translation of information security.
Analysis of the translation of information security in the development of the Bogor Smart City provides an understanding that the Bogor City Government has not been able to translate it both in information security operations to protect the confidentiality, integrity and availability of privacy data belonging to city residents as well as critical information of the Bogor Smart City, particularly in the C4ISR system and information security risk assessment in each stage of the development and management of the Bogor Smart City. This understanding is based on the explanation of the speakers at the organization of the area in the research. At the Department of Transportation, it was stated that the operational standards and procedures for managing and securing the Bogor City Adaptive Traffic Control System and the Bogor City Traffic Monitoring and Control Room have not yet been prepared, including scenarios for handling cyber incidents. As for the Bogor City Office of Communication and Information along with the lack of a set of rules regarding information security, of course there is no important matter related to information security in Bogor City. Besides that, for the time being, information security is still translated in terms of the type of information that belongs to the Bogor City Government that can be published or that cannot be published to the public.

Discussion
Further analysis of information security in Bogor Smart City gives an understanding of the relationship between categories which is then used as a basis for developing an information security strategy theory that can be used as a reference to be applied in the development of Bogor Smart City. The relationship between these categories is presented in Figure 2, as follows: