The UK’s National Cyber Security Centre (NCSC) has published a set of security principles to underpin the development of so-called smart cities.
Titled Connected Places Cyber Security Principles, the guidance aims to help local authorities in the UK embrace the benefits of connected places, while at the same time ensure they are resilient to cyber-attacks.
The smart city concept involves the use of connected technology, such as IoT devices, to collect data and enhance services within a built environment. Examples of smart city technologies include the use of parking sensors to provide real-time data on space availability and sensors to monitor pollution levels.
Despite these benefits, security experts believe smart cities will be heavily targeted by cyber-criminals via methods such as ransomware as a result of the critical public functions they will perform and the numerous security vulnerabilities that are associated with IoT devices.
The guidance outlines the high-level security requirements and principles that should be considered and implemented in the development of smart city technology. These include advising local authorities to think about the cybersecurity governance and skills they will need and the role of third-party suppliers in the process. The NCSC also sets out how connected environments can be designed in a way that is resilient and scalable, and able to protect data.
Dr. Ian Levy, technical director at the NCSC, stated: “Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly.
“While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyber-attacks and their potentially serious impact on these interconnected networks. I urge every individual and organisation establishing a connected place in the UK to consult our newly published cybersecurity principles.
“It’s our collective responsibility to ensure that our cities of the future are safe and resilient.”
Commenting, Mark Jackson, national cybersecurity advisor, Cisco UK and Ireland, outlined how the publication is part of a broad strategy to enhance the security of IoT technology in general: “Cities and metropolitan districts across the UK are at the point of turning their smart city strategies into actionable plans—with many having already conducted proof of concepts or successful trials. The complexity of the smart cities marketplace, with multiple device manufacturers and IT providers in play, could quite easily present cybersecurity issues that undermine these efforts. The NCSC's principles are one of the most sophisticated pieces of government-led guidance published in Europe to date.
“The guidance set out for connected places generally aligns to cybersecurity best practice for enterprise environments, but also accounts for the challenges of connecting up different systems within our national critical infrastructure. With the DCMS also planning to implement legislation around smart device security, this is indicative of a broader government strategy to level up IoT security across the board.”