National Cyber Security Centre
Printable version

Cyber experts set out blueprint to secure smart cities of the future

The NCSC has published a set of principles outlining how to securely design, manage and build smart cities.

decorative image

  • National Cyber Security Centre – a part of GCHQ – publishes set of principles for local authorities and partners to establish secure smart cities
  • Advice will help councils embrace opportunities smart cities bring while protecting critical public services from threat of cyber attacks
  • New principles outline how to securely design, manage and build smart cities

Local and national authorities are being offered expert guidance to protect their citizens by making their connected places – often known as ‘smart cities’ – resilient to cyber attacks.

A new set of security principles has been published by the National Cyber Security Centre – a part of GCHQ – to help all UK authorities secure smart cities and their underlying infrastructure.

Connected places – which include smart cities and connected rural environments – use networked technology like Internet of Things (IoT) devices and sensors to improve the efficiency of services and therefore the quality of citizens’ lives.

Examples of smart city technology include the use of sensors to monitor pollution levels to reduce emissions, parking sensors to offer real-time information on space availability and traffic lights configured to cut congestion. This technology can help councils work towards net zero carbon, deliver a more sustainable environment and improve service efficiency.

While smart cities offer significant benefits to citizens, they are also potential targets for cyber attacks due to the critical functions they provide and sensitive data they process, often in large volumes. The compromise of a single system in a smart city could potentially have a negative impact across the network, if badly designed.

The publication of ‘Connected Places Cyber Security Principles’ is intended to mitigate these risks by helping CISOs, cyber security architects and other relevant personnel consider the high level security requirements and principles that should govern smart cities in the UK.

The launch of the principles comes ahead of NCSC’s CYBERUK 2021 virtual conference (May 11 – 12) which will feature a session discussing the risks and opportunities of smart cities.

Subscribe to the CYBERUK YouTube channel for all of the latest event content as we go fully virtual for the first time with CYBERUK21.

Dr Ian Levy, Technical Director, NCSC recently said:

Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly. 

While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyber attacks and their potentially serious impact on these interconnected networks. I urge every individual and organisation establishing a connected place in the UK to consult our newly published cyber security principles.

It’s our collective responsibility to ensure that our cities of the future are safe and resilient.

Digital Infrastructure Minister Matt Warman recently said:

New digital technology is going to improve our lives and help protect the environment, but it is essential we take steps now to make connected places more resilient to cyber attacks.

Local leaders and innovators should follow the National Cyber Security Centre's expert guidance so our cities, towns and rural areas can unlock the benefits of smart, internet-connected infrastructure in a safe and secure way.

The principles advise local authorities to understand their connected places by considering required cyber security governance and skills, the role of suppliers, risks and more.

They also explain how connected places can be designed to protect data, be resilient and scalable, less exposed to risk and supported by sufficient network monitoring.

When it comes to running a connected place, the principles outline how privileges, supply chains and incidents should be managed.


Channel website:

Original article link:

Share this article

Latest News from
National Cyber Security Centre