UK security agency issues guidance on smart city cyber risks

10th May 2021 Sarah Wray

The National Cyber Security Centre (NCSC), which is part of the UK’s GCHQ intelligence agency, has published recommendations on how to secure smart cities.

The Connected Places: Cyber Security Principles report says that while technologies such as Internet of Things (IoT) sensors, CCTV and smart traffic lights offer benefits to citizens and cities, they are also targets for cyber-attacks due to the critical functions they provide and sensitive data they process.

“The compromise of a single system in a smart city could potentially have a negative impact across the network, if badly designed,” the NCSC warned.

In an accompanying blog post, Dr Ian Levy, Technical Director, NCSC, references the famous heist scene from 1969 film The Italian Job in which a professor hacks into Turin’s traffic light system to cause a traffic jam which allows the thieves to escape with the gold.

Understand, design, manage

“A similar ‘gridlock’ attack on a 21st century city would have catastrophic impacts on the people who live and work there, and criminals wouldn’t likely need physical access to the traffic control system to do it,” Levy said.

He added that: “Failures within individual systems can have terrible impacts, but as they are increasingly connected and become interdependent, the compound effects are magnified. Combine this with the potential privacy intrusion…and there’s lots to worry about.”

The principles are intended to help cities mitigate these risks through better understanding, designing, building and managing their systems.

The guidance advises local authorities to consider issues such as cybersecurity governance and skills and the role of suppliers. It outlines how smart city systems can be designed to reduce the attack surface and protect data as well as how to respond to “inevitable security incidents.”

The recommendations signpost existing guidance from NCSC and Centre for the Protection of National Infrastructure.

“We do expect to have to create some very specific guidance over the coming years,” Levy said.

A recent report from the Center for Long-Term Cybersecurity at the University of California, Berkeley ranked emergency alerts, video surveillance tools and smart traffic lights as among the most vulnerable smart city systems.

Image: Riva Ferdian on Unsplash

Login or Register

Like what you are reading? Register now to get FREE access to premium content and to receive our newsletter.

Login Register