In the software engineering paradigm for Critical Infrastructure, functionality is secondary to security. When a system manages a metropolis's public lighting or water distribution network, a security breach does not result in mere data loss, but in a physical service disruption with public safety consequences. Maptainer's architecture adheres to the "Security by Design" principle, implementing defense-in-depth layers that protect the full data lifecycle, from the field sensor to the database core.
I. Cryptography and Data Protection: At Rest and In Transit
The confidentiality and integrity of geospatial and operational data are protected using military-grade cryptographic standards, so that no implicit trust is placed in the transport network.
- Data in Transit: All communication between clients (mobile apps, web browsers, IoT sensors) and the Maptainer backend is conducted exclusively over HTTPS with TLS 1.3 (Transport Layer Security); plain HTTP is not accepted. HSTS (HTTP Strict Transport Security) is enabled to mitigate protocol-downgrade attacks. For machine-to-machine (M2M) communication over protocols such as MQTT, we use MQTTS (MQTT over TLS) on port 8883, so that asset telemetry cannot be intercepted or injected by a Man-in-the-Middle attacker.
- Data at Rest: Persistence in our PostgreSQL/PostGIS database uses Transparent Data Encryption (TDE) with AES-256 (Advanced Encryption Standard). This ensures that, even in the unlikely event of physical exfiltration of server disks, the database files remain computationally inaccessible without the master keys, which are managed in external vaults (Hardware Security Modules, HSMs, or cloud key management services).
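As an added example (not Maptainer's own code), the Python below turns the transit policy described above into something a client and a test suite can enforce: a TLS client context pinned to TLS 1.3 with certificate-chain and hostname verification, as an MQTTS client on port 8883 or an HTTPS client would use, plus a check of a Strict-Transport-Security response header against a minimum policy. The port constant, the one-year minimum max-age and the sample headers are constructed assumptions.

```python
import ssl
from typing import Dict, List, Optional

MQTTS_PORT = 8883  # assumption: MQTT over TLS, as used for M2M telemetry


def make_client_tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS client context for MQTTS/HTTPS clients: TLS 1.3 minimum, chain and hostname verified."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3  # refuse TLS 1.2 and older outright
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def tls_context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True when a context cannot negotiate below TLS 1.3 or skip server verification."""
    return (
        ctx.minimum_version == ssl.TLSVersion.TLSv1_3
        and ctx.check_hostname
        and ctx.verify_mode == ssl.CERT_REQUIRED
    )


def parse_hsts(header: str) -> Dict[str, str]:
    """Split a Strict-Transport-Security header into lower-cased directive -> value."""
    directives: Dict[str, str] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def hsts_is_acceptable(header: Optional[str], min_age: int = 31_536_000, require_subdomains: bool = True) -> bool:
    """Policy check: max-age of at least a year (assumed threshold) and includeSubDomains present."""
    if not header:
        return False
    directives = parse_hsts(header)
    try:
        max_age = int(directives["max-age"])
    except (KeyError, ValueError):
        return False  # missing or non-numeric max-age: the browser would ignore the policy
    if max_age < min_age:
        return False
    return (not require_subdomains) or "includesubdomains" in directives


def audit_response_headers(headers: Dict[str, str]) -> List[str]:
    """Findings a defender wants for one HTTPS response's headers (case-insensitive names)."""
    findings: List[str] = []
    hsts = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if hsts is None:
        findings.append("HSTS header missing")
    elif not hsts_is_acceptable(hsts):
        findings.append(f"HSTS policy too weak: {hsts}")
    return findings


if __name__ == "__main__":
    print("strict TLS context:", tls_context_is_strict(make_client_tls_context()))
    # constructed sample headers
    print(audit_response_headers({"Content-Type": "text/html"}))
    print(audit_response_headers({"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}))
```

The context is what you would hand to an MQTT or HTTP client library for every connection to `MQTTS_PORT`; the header audit is the kind of check that belongs in a post-deployment smoke test, since HSTS only protects clients that have already seen the header once.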
II. Access Control and Identity Management (IAM)
Perimeter authentication is insufficient. We implement a Zero Trust model where every request, internal or external, must be verified.
- Robust Authentication: We use OAuth 2.0 and OpenID Connect (OIDC) for session management, delegating identity to secure providers and enabling mandatory Multi-Factor Authentication (MFA/2FA) for users with administrative privileges. Access tokens (JWT) are short-lived, minimizing the exposure window in case of session compromise.
- Fine-Grained RBAC (Role-Based Access Control): Maptainer's permission model is not binary (admin/user). It is based on a matrix RBAC system that allows defining access policies at the resource and action level. An operator may have READ permission on the "Lighting" layer but DENY on "Budgets", and WRITE permission only on assets assigned to their geographic zone. This Segregation of Duties (SoD) prevents compromised low-level credentials from escalating horizontally to damage critical assets.
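The two items above (short-lived JWT access tokens and the matrix RBAC with zone scoping) are demonstrated end to end in the following added Python example, which is not Maptainer's code: it issues and verifies an HS256 JWT with a five-minute expiry, then evaluates the token's claims against a policy matrix in which an explicit DENY overrides any ALLOW and WRITE is limited to assets in the caller's own zone. The signing key, the `POLICY` table, the role, layer and zone names, and the 300-second lifetime are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

DEMO_KEY = b"constructed-demo-key-do-not-use"  # assumption: a real key comes from a secret manager
TOKEN_TTL_S = 300  # short-lived token: five minutes bounds the window after a session compromise


class TokenError(Exception):
    """Any token that must not be trusted: malformed, forged, wrong algorithm or expired."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(key: bytes, subject: str, roles: List[str], zone: str, now: Optional[int] = None) -> str:
    """Compact HS256 JWT whose claims carry the operator's roles and home zone."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "roles": roles, "zone": zone, "iat": now, "exp": now + TOKEN_TTL_S}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(signature)}"


def verify_token(key: bytes, token: str, now: Optional[int] = None) -> dict:
    """Return the claims only if alg is pinned, the HMAC verifies and exp is still in the future."""
    now = int(time.time()) if now is None else now
    try:
        enc_header, enc_payload, enc_sig = token.split(".")
        header = json.loads(b64url_decode(enc_header))
        payload = json.loads(b64url_decode(enc_payload))
        expected = hmac.new(key, f"{enc_header}.{enc_payload}".encode(), hashlib.sha256).digest()
        signature_ok = hmac.compare_digest(expected, b64url_decode(enc_sig))
    except ValueError:  # bad split, bad base64 (binascii.Error) and bad JSON all subclass ValueError
        raise TokenError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected alg")  # never accept "none" or a switched algorithm
    if not signature_ok:
        raise TokenError("bad signature")
    if not isinstance(payload, dict) or not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise TokenError("expired")
    return payload


# Constructed policy matrix: role -> {(layer, action): effect}. Effects are ALLOW, DENY
# (explicit, always wins) or ALLOW_OWN_ZONE (only for assets in the caller's own zone).
POLICY = {
    "operator": {
        ("lighting", "read"): "ALLOW",
        ("lighting", "write"): "ALLOW_OWN_ZONE",
        ("budgets", "read"): "DENY",
    },
    "finance": {("budgets", "read"): "ALLOW"},
}


def is_authorized(claims: dict, layer: str, action: str, asset_zone: Optional[str] = None) -> bool:
    """Evaluate the matrix: explicit DENY > ALLOW > zone-scoped ALLOW > default deny."""
    effects = {POLICY.get(role, {}).get((layer, action)) for role in claims.get("roles", [])}
    if "DENY" in effects:
        return False
    if "ALLOW" in effects:
        return True
    if "ALLOW_OWN_ZONE" in effects:
        return asset_zone is not None and asset_zone == claims.get("zone")
    return False


def authorize_request(token: str, layer: str, action: str,
                      asset_zone: Optional[str] = None, now: Optional[int] = None) -> bool:
    """Full path for one API request: verify the bearer token, then consult the matrix."""
    try:
        claims = verify_token(DEMO_KEY, token, now=now)
    except TokenError:
        return False  # an untrusted token never reaches the policy engine
    return is_authorized(claims, layer, action, asset_zone)
```

Two design points carry the security argument: the algorithm is pinned before the signature is checked, so a token claiming `alg: none` is rejected regardless of its payload, and the matrix is evaluated with explicit DENY taking precedence, so adding a second role to a compromised account cannot re-open a resource that was deliberately closed to it.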
III. Security in the Development Cycle (SecDevOps)
Security is not a post-deployment patch; it is integrated into the CI/CD (Continuous Integration/Continuous Deployment) pipeline.
- Static and Dynamic Analysis (SAST/DAST): Every code commit undergoes automated static analysis (SAST) to detect common vulnerability classes (OWASP Top 10, SQL injection, XSS) before the build stage.
- Secret Management: Following Twelve-Factor App practices, no credentials (API keys, DB passwords) are stored in the source code. They are injected at runtime as environment variables from encrypted secret managers (such as HashiCorp Vault or Kubernetes Secrets), preventing accidental leaks in code repositories.
- Container Security: Docker container images are built on minimal base images (distroless or Alpine) to reduce the attack surface, and are scanned daily against known CVE (Common Vulnerabilities and Exposures) databases.
IV. Regulatory Compliance and NIS2 Directive
With the entry into force of the European NIS2 (Network and Information Security) directive, requirements for essential digital service providers have tightened. Maptainer facilitates compliance for its corporate clients through:
- Forensic Auditing (Logging): Immutable recording of who accessed what and when.
- Incident Notification: Automated protocols for the detection and reporting of security anomalies.
- Resilience: Business continuity strategies (detailed in our Disaster Recovery articles) that ensure service recovery after a ransomware attack.
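As an added illustration of the first two items above (immutable access logging and automated anomaly reporting), not code from Maptainer, the Python below builds a hash-chained audit log in which every entry commits to the full history before it, verifies the chain to locate the first entry that was modified or removed, and runs one simple notification rule over it (a burst of denied accesses by a single actor). The event records and the threshold of five denials within sixty seconds are constructed assumptions.

```python
import hashlib
import json
from typing import Dict, List, Optional

GENESIS_HASH = "0" * 64  # anchor for the first entry of a fresh chain


def entry_hash(prev_hash: str, record: Dict) -> str:
    """SHA-256 over the previous entry's hash and the canonical JSON of this record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{canonical}".encode()).hexdigest()


def append_event(log: List[Dict], ts: int, actor: str, action: str, resource: str, outcome: str) -> Dict:
    """Append a who/what/when record; the new entry commits to everything logged before it."""
    prev = log[-1]["hash"] if log else GENESIS_HASH
    record = {"ts": ts, "actor": actor, "action": action, "resource": resource, "outcome": outcome}
    entry = {"record": record, "prev": prev, "hash": entry_hash(prev, record)}
    log.append(entry)
    return entry


def first_broken_entry(log: List[Dict]) -> Optional[int]:
    """Index of the first entry whose link or hash fails to verify, or None if the chain is intact."""
    prev = GENESIS_HASH
    for index, entry in enumerate(log):
        if entry["prev"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return index
        prev = entry["hash"]
    return None


def actors_with_denied_bursts(log: List[Dict], window_s: int = 60, threshold: int = 5) -> List[str]:
    """Notification rule: actors with at least `threshold` DENY outcomes inside any `window_s` seconds."""
    denied_times: Dict[str, List[int]] = {}
    for entry in log:
        rec = entry["record"]
        if rec["outcome"] == "DENY":
            denied_times.setdefault(rec["actor"], []).append(rec["ts"])
    flagged: List[str] = []
    for actor, times in denied_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over the sorted timestamps
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(actor)
                break
    return sorted(flagged)


def build_sample_log() -> List[Dict]:
    """Constructed sample: routine operator activity plus one actor repeatedly probing a closed layer."""
    log: List[Dict] = []
    append_event(log, 1000, "op-17", "read", "layer:lighting", "ALLOW")
    append_event(log, 1005, "op-17", "read", "layer:budgets", "DENY")
    append_event(log, 1010, "op-17", "write", "asset:lamp-0412", "ALLOW")
    for offset in range(5):  # five denied budget reads within forty seconds
        append_event(log, 1100 + offset * 10, "op-42", "read", "layer:budgets", "DENY")
    append_event(log, 1200, "admin-3", "update", "policy:operator", "ALLOW")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", first_broken_entry(log) is None)
    print("actors to report:", actors_with_denied_bursts(log))
    log[1]["record"]["actor"] = "someone-else"  # simulate after-the-fact editing of a record
    print("first broken entry after tampering:", first_broken_entry(log))
```

The chain makes in-place edits and deletions in the middle of the log detectable by anyone holding the latest hash, but it cannot by itself reveal that the tail was cut off; for the "immutable" property the head hash has to be periodically anchored outside the writer's control (write-once storage, a separate log sink, or a timestamping service), which is also what an auditor will ask for.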
Cybersecurity in Maptainer is not a "feature"; it is the substrate upon which operational trust is built. In an environment where digital assets control physical infrastructure, protecting code and data is synonymous with protecting the city itself.