Local authorities must defend smart cities from cyberattacks, NCSC warns

The National Cyber Security Centre (NCSC), which is a part of GCHQ, has published a new set of security principles designed to secure smart cities and their underlying infrastructure. Examples of smart city technology include the use of sensors to monitor pollution levels to help reduce emissions, parking sensors to offer real-time information on space availability, and traffic lights configured to cut congestion.

While this technology can help councils work towards net zero carbon, deliver a more sustainable environment and improve service efficiency, they can also be vulnerable to cyber-attack without the proper defences.

The NCSC has set out a series of principles advising local authorities to get a better understanding of their connected technologies by taking into consideration the required cyber security governance and skills to run them, as well as the role of suppliers and other external risks.

It also explains how smart cities can be designed to protect data, be made resilient and scalable while less exposed to risk.

“Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly,” said Dr Ian Levy, NCSC technical director. “While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyber-attacks and their potentially serious impact on these interconnected networks.”

Digital Infrastructure Minister Matt Warman also said local authorities need to become more resilient and urged them to follow the NCSC’s principle guidelines.

Last month, researchers found that the advent of the internet and increasing economic focus on information and communication technologies has lead to increased population growth in big cities.

Commenting on the data offered by smart cities, making them attractive to cyber criminals and hostile states, Steve Bradford, senior vice president EMEA, SailPoint, said: “Smart cities are useful to help improve efficiencies for urban infrastructure, but the data that resides in this technology - often commercially sensitive and personal - is a goldmine for criminal and hostile states.

“Supplier or not, anyone working within these critical projects has the potential to be a threat and pass sensitive information into the wrong hands, if the right cybersecurity measures aren’t in place. Organisations must therefore secure access at all costs, only giving stakeholders as much access as is required to perform their assigned roles and responsibilities – no more, no less. This is vital to spot unusual, suspicious behaviour and to root out threats well before a breach occurs.”