The UK’s National Cyber Security Centre has published as set of principles for local authorities and partners to establish secure smart cities.

The government body believes the advice will help councils embrace opportunities smart cities bring while protecting critical public services from threat of cyber attacks. The principles outline how to design, manage and build smart cities securely.

Local and national authorities are being offered the guidance to protect their citizens by making their connected places resilient to cyber attacks.

The National Cyber Security Centre (NCSC) is part of GCHQ, the UK’s security intelligence organisation. The principles should help all UK authorities secure smart cities and their underlying infrastructure.

Connected places – which include smart cities and connected rural environments – use networked technology such as IoT devices and sensors to improve the efficiency of services and therefore the quality of citizens’ lives.

Examples of smart city technology include the use of sensors to monitor pollution levels to reduce emissions, parking sensors to offer real-time information on space availability and traffic lights configured to cut congestion. This technology can help councils work towards net zero carbon, deliver a more sustainable environment and improve service efficiency.

While smart cities offer significant benefits to citizens, they are also potential targets for cyber attacks due to the critical functions they provide and sensitive data they process, often in large volumes. The compromise of a single system in a smart city could potentially have a negative impact across the network, if badly designed.

The publication of the principles is intended to mitigate these risks by helping cyber-security architects and other relevant personnel consider the high-level security requirements and principles that should govern smart cities.

“Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly,” said Ian Levy, technical director at NCSC. “While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyber attacks and their potentially serious impact on these interconnected networks. I urge every individual and organisation establishing a connected place in the UK to consult our newly published cyber security principles. It’s our collective responsibility to ensure that our cities of the future are safe and resilient.”

The principles advise local authorities to understand their connected places by considering required cyber security governance and skills, the role of suppliers, risks and more. They also explain how connected places can be designed to protect data, be resilient and scalable, less exposed to risk, and supported by sufficient network monitoring.

When it comes to running a connected place, the principles outline how privileges, supply chains and incidents should be managed.

“New digital technology is going to improve our lives and help protect the environment, but it is essential we take steps now to make connected places more resilient to cyber attacks,” said the UK government’s digital infrastructure minister Matt Warman. “Local leaders and innovators should follow the NCSC’s expert guidance so our cities, towns and rural areas can unlock the benefits of smart, internet-connected infrastructure in a safe and secure way.”

The launch of the principles coincides with NCSC’s Cyber UK 2021 virtual conference this week that includes a session discussing the risks and opportunities of smart cities.