The National Cyber Security Centre – a part of GCHQ – has published a set of principles around ‘smart cities’. Connected places use networked technology like Internet of Things (IoT) devices, such as video surveillance cameras, and sensors for efficiency of services such as transport. Sensors can monitor pollution to reduce emissions, parking sensors can offer real-time information on space availability and traffic lights can be configured to cut congestion. Smart cities are also targets for cyber attacks due to the critical functions they provide and sensitive data they process, often in large volumes. The compromise of a single system in a smart city could potentially have an impact across the network, if badly designed, the NCSC warns.
Hence the publication of ‘Connected Places Cyber Security Principles’ aimed at CISOs, cyber security architects and others on the high level security requirements and principles that should govern smart cities in the UK. At NCSC’s CYBERUK 2021 virtual conference next week (May 11 and 12) a session will discuss the risks and opportunities of smart cities.
Dr Ian Levy, Technical Director, NCSC said: “Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly. While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyber attacks and their potentially serious impact on these interconnected networks. I urge every individual and organisation establishing a connected place in the UK to consult our newly published cyber security principles. It’s our collective responsibility to ensure that our cities of the future are safe and resilient.”
For the 16-page document visit the NCSC website.
Comment
Tom Van de Wiele, Principal Security Consultant at cyber firm F-Secure said: “Smart cities make life more efficient and have been around for a while, but they do invite privacy and security risks. Ultimately, there is a real risk for harm from unsecured networks that share data from sensors and analysis tools. The high degree of connectivity in these technologies means that an attacker could, potentially, take malicious action across the entire UK with ease if proper security measures such as segregation of networks and fallback processes are not enforced and properly tested.
“A nation state, a serious organised crime group or attackers wishing to harm critical, national infrastructure without direct loss of life could create countless amounts of chaos. Threat actors on the prowl looking to abuse smart city networks and its decision-making patterns really are viable threats and isn’t far off from what we saw happen at the Florida water plant hack in February. The possibilities for attack are relatively endless. Striking the right balance between efficiency, privacy and security is important so it’s no surprise the NCSC are setting out guidelines to get a hold over some of the risks.”
Andy Norton, European cyber risk officer at incident response and cyber threat detection product company Armis, said: “Smart devices turning rogue will be one of the critical challenges facing smart cities and other digitally transformed aspects in society. There is a real physical cyber threat posed by the unauthorised commandeering or corruption of a smart device that is a component of critical infrastructure.”
