The National Cyber Security Centre (NCSC) has recently unveiled a new 'Connected Places Infographic', providing a high-level, visual guide to the essential cyber security principles for developing and managing smart cities. This infographic is a follow-up to the 'Connected Places Cyber Security Principles' released three years ago.

The principles are crucial for ensuring the security and resilience of smart cities and their infrastructure against cyber-attacks. The infographic breaks down the three core principles, elaborating on the key points for each, we’ve summarised these below. 

Understanding your connected place 

This step involves developing an understanding and context for the connected place. This encompasses:

  1. Understanding your connected place and potential impacts 
  2. Understanding the risks 
  3. Understanding governance and skills 
  4. Understanding suppliers’ roles 
  5. Understanding legal and regulatory requirements 

Designing your connected place

Once the above step is complete, the focus should move to designing a connected place which is difficult for an attacker to compromise. The infographic breaks this down into:

  1. Designing your architecture
  2. Designing to reduce exposure
  3. Designing to protect data
  4. Designing to be resilient and scalable
  5. Designing your monitoring

Managing your connected place 

The final stage involves managing the connected place's privileged accesses and supply chain throughout its life cycle.

  1. Managing privileges
  2. Managing your supply chains
  3. Managing your connected place throughout its lifecycle
  4. Managing incidents and planning your response and recovery

Smart city technology is transforming the future of cities worldwide creating better quality and more sustainable living. The impact of artificial intelligence is set to further develop and inform use of smart city technology. However, as the technology becomes more widespread there is an increased exposure to cyber threats and privacy violations. The principles play an important role in building awareness and understanding of the security considerations. Over time, it is hoped more relevant businesses adopt a standardised approach to cyber security based on these principles.

Although the principles are particularly important for local and national authorities, they will be of relevance to a wider group of stakeholders.  This includes risk owners, CISOs, cyber security architects, engineers, and others involved in the day-to-day operations of smart city infrastructure.

If you have any questions or would otherwise like to discuss any issue raised in this article, please contact Lucy Pegler, Liz Smith or another member of Burges Salmon's Technology Team.

This article was written by Liz Smith and Sam Efiong