Security Surgery with Matt Lewis Part One: Smart Cities

As part of our Always On, Always Here campaign, which explores how we make our connected society safer and more secure, we’re answering some key questions about cyber security in smart cities, everyday routines, connected health and more.

In this four-part series, Matt Lewis, Research Director, provides the answers and explains how the work we do shapes and secures our society in ways that you might not be aware of.

Today, we’re focusing on the biggest threats to smart cities and best practices for city planners. Watch the video or read the Q&A below and get in touch if you want to find out more.

What is the biggest threat to smart cities in the next five years?

The threats to smart cities cover a wide spectrum, including everything from citizens abusing technology to commit fraud, to nation-state actors affecting or disrupting the operation of entire smart cities.

Overall, the main theme around the threat of smart cities is the interconnectivity of systems. Many of those systems will be critical, so the ability to affect, significantly damage or cause significant ill-effect by exploiting any underpinning technical or procedural issues in smart city components can be an issue.

How can city planners maintain oversight of a smart city’s security posture over time?

Unlike the corporate environment, in which there are usually quite clearly defined roles for security like a Chief Information Security Officer, Data Protection Officer, Privacy Officer, those types of roles don’t typically exist in smart cities within municipalities. As a result, there’s currently an uncertainty within local authorities around who’s responsible for security and risk.

The first things for city planners to understand and consider are those roles, a governance model and ensuring that they are tightly understood. We recommend that authorities set up security working groups that involve people from all relevant or interested parties.

For example, you might have representatives from legal, representatives from corporate IT and from urban planning. You might even engage citizens as part of that working group and, within that group, there should be a better understanding of what the security objectives are, and what the governance model should be for that city.

What is NCC Group doing to make smart cities more secure?

Much of the security of smart cities relates to operational, wide-ranging sensor-based networks. We’re working with those sensor manufacturers to help them understand how they can maximise the security assurance in their embedded systems at the hardware layer, and also how they can securely integrate into cloud based and back end systems to aggregate the data from those sensor networks.

We’re also engaged with local authorities and municipalities around the security architecture and design of their smart city applications in line with their overall visions for what their smart cities are looking to achieve. Specifically, we’re also helping them understand and address how they can best tackle concepts of privacy by design and security by design, so they can appease a lot of the concerns that citizens have about the vast amounts of data that are collected within smart city applications.

We recently produced a whitepaper, A Blueprint for Secure Smart Cities, which is available from our newsroom, that outlines several security considerations based on our experiences of working with a number of parties involved in smart cities. This includes everything from hardware manufacturers of sensor networks right through to system integrators and municipalities and their visions for smart cities.