Local and national authorities in the U.K. are being offered expert guidance to protect their citizens by making their connected places – often known as ‘smart cities’ – resilient to cyber attacks.
A new set of security principles has been published by the National Cyber Security Centre – a part of GCHQ – to help all U.K. authorities secure smart cities and their underlying infrastructure.
Connected places – which include smart cities and connected rural environments – use networked technology like Internet of Things (IoT) devices and sensors to improve the efficiency of services and therefore the quality of citizens’ lives.
Examples of smart city technology include the use of sensors to monitor pollution levels to reduce emissions, parking sensors to offer real-time information on space availability and traffic lights configured to cut congestion. This technology can help councils work towards net zero carbon, deliver a more sustainable environment and improve service efficiency.
While smart cities offer significant benefits to citizens, they are also potential targets for cyber attacks due to the critical functions they provide and sensitive data they process, often in large volumes. The compromise of a single system in a smart city could potentially have a negative impact across the network, if badly designed.
The publication of ‘Connected Places Cyber Security Principles’ is intended to mitigate these risks by helping CISOs, cybersecurity architects and other relevant personnel consider the high level security requirements and principles that should govern smart cities in the U.K.
The launch of the principles comes ahead of NCSC’s CYBERUK 2021 virtual conference (May 11 – 12) which will feature a session discussing the risks and opportunities of smart cities.
The principles advise local authorities to understand their connected places by considering required cybersecurity governance and skills, the role of suppliers, risks and more.
They also explain how connected places can be designed to protect data, be resilient and scalable, less exposed to risk and supported by sufficient network monitoring.
When it comes to running a connected place, the principles outline how privileges, supply chains and incidents should be managed.
In addition, charities and small businesses in the U.K. have been given access to a new e-learning package that will boost their ability to defend against threats posed by cyber criminals. The training, Cyber Security for Small Organisations and Charities, guides businesses through the actions they should take in order to dramatically reduce the risk of the most common cyber attacks, such as ransomware and phishing.