Smart cities that use technology to make services more efficient are an “attractive” target for cyber attackers looking to disrupt British infrastructure or steal data, UK spooks have warned.
The National Cyber Security Centre (NCSC), which is part of GCHQ, today issued a new set of security principles for local authorities to ensure their networks are resilient to cyber attacks.
Connected places, which include so-called smart cities as well as connected rural environments, use tech such as internet of things (IoT) devices and sensors to improve efficiency.
Examples include sensors to monitor pollution levels to reduce emissions, parking sensors to provide real-time information on space availability and traffic lights configured to cut congestion.
But while the technology offers significant benefits to citizens, the NCSC warned they were potential targets for hostile actors due to the critical functions they provide and sensitive data they process.
The spooks warned that an attack on a single system in a smart city could potentially have an impact across the entire network if it is badly designed.
The report sets out cybersecurity guidance on how to securely design, build and manage smart cities to ensure they are not vulnerable to attacks.
It comes amid growing concerns that hostile states such as China could use technology embedded in critical British infrastructure to launch cyber attacks or steal data.
The government has already banned Chinese tech giant Huawei from building the UK’s 5G networks and telecoms companies have until 2027 to strip out any existing kit.
Networks also use tech made by Swedish firm Ericsson and Finland’s Nokia, but a new taskforce has been set up to help find new suppliers of 5G — which underpins smart city technology — following the Huawei ban.
“Local authorities are using sensors and intelligent systems to improve our lives and make our cities more efficient and environmentally friendly,” said Dr Ian Levy, NCSC technical director.
“While these benefits should be embraced, it’s important to take steps now to reduce the risk of cyber attacks and their potentially serious impact on these interconnected networks. I urge every individual and organisation establishing a connected place in the UK to consult our newly published cyber security principles.”
David Rees, head of local government services at PA Consulting, welcomed the principles but warned they required action at a time when councils were facing “increasing demands and funding pressures”.
“Many local authorities will lack the cyber security and privacy expertise needed to take action across the broad range of smart connected services,” he said. “To ensure success, councils will need to establish a programme of work, engage the relevant specialists (including the NCSC) and work collaboratively with other nearby authorities.”