UK National Cyber Security Centre publishes guidance on securing smart cities

The UK National Cyber Security Centre (NCSC) has published a new set of security principles to help UK authorities secure smart cities and their underlying infrastructure and protect themselves from cyberattacks.

The NCSC, part of the Government Communications Headquarters (GCHQ), wants to help councils embrace the opportunities that digital technology such as the Internet of Things (IoT) and devices and sensors bring while protecting critical public services from threats.

Understanding connected places

Connected Places Cyber Security Principles advises local authorities on understanding their connected places by considering required cybersecurity governance and skills, the role of suppliers, risks and more.

In the guidance, NCSC explains that if connected systems are compromised, the consequences could impact local citizens and stresses that impacts could range from breaches of privacy to the disruption or failure of critical functions.

“This could mean destructive impacts, which in some cases could endanger the local citizens. There could also be impacts to the local authorities that are attacked. These could include a loss of reputation that could affect citizen participation, or the financial impacts of dealing with the after-effects of an attack,” it states.

As well as what it calls connected places, public realm technology and data-rich environments, the principles cover the wider connected infrastructure, including local areas where data is collected through sensors. The guidance also supports singular or multiple smart city services such as: traffic light management; CCTV; waste management; streetlight management; parking management; transport services and public services (for example, health/social care, or emergency services).

“While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyberattacks and their potentially serious impact on these interconnected networks”

The publication explains how connected places can be designed to protect data, be resilient and scalable, less exposed to risk and supported by sufficient network monitoring. When it comes to running a connected place, the principles outline how privileges, supply chains and incidents should be managed.

“Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly,” said Dr Ian Levy, technical director, NCSC.

“While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyberattacks and their potentially serious impact on these interconnected networks. I urge every individual and organisation establishing a connected place in the UK to consult our newly published cyber security principles.

“It’s our collective responsibility to ensure that our cities of the future are safe and resilient.”

You might also like:

• White paper: Securing smart city systems against cyberattacks
• Cybersecurity: a smart city imperative
• Canberra cybersecurity hub gets green light