National Cyber Security Centre guidance asks local authories to think about cybersecurity sooner rather than later to stop essential services being disrupted by malicious hackers.
National Cyber Security Centre guidance asks local authories to think about cybersecurity sooner rather than later to stop essential services being disrupted by malicious hackers.
Internet-connected technology that's used to power smart cities makes a very tempting target for cyberattacks and local authorities need to be aware of the risks that they and their citizens could face if malicious hackers are able to tamper with infrastructure or services.
Urban infrastructure, including emergency services, transport, traffic light management, CCTV and more, is increasingly using sensors and becoming connected to the Internet of Things in an effort to collect data and provide better, more efficient services.
However, the UK's National Cyber Security Centre (NCSC) – the cyber arm of intelligence agency GCHQ – has warned that cyber-physical systems in smart cities could be compromised by cyber attackers if they are not secured properly.
The huge volume of sensitive data being collected and stored by IoT-connected smart cities, plus the ability to disrupt, "makes these systems an attractive target for a range of threat actors," the NCSC's new guidance for securing smart cities warns.
To help guide local authorities and protect infrastructure, organisations and people from the threat of cyberattacks that could target smart cities, the NCSC has published a series of principles that should be adhered to in order to provide these networks with the highest possible level of cybersecurity.
To start with, local authorities should understand the role of their connected place. By determining who is responsible for the connected place, what the IoT network will look like, what data will be collected, processed, stored, and shared and what operational technology is in place already, authorities can begin connecting smart cities with security in mind from the start.
For example, a city shouldn't be rolling out IoT devices across the network if those products still have a default username and password, as that would make them an easy target for cyber attackers, particularly if data is "collected or processed in a dumb way," said He.