As technology advances, so does the threat to cybersecurity. Quadrant Smart sits down with Ian McCormack, NCPS Deputy Director for Government to discuss the need for cybersecurity principles to lower the threat.
The National Cyber Security Centre has produced Connected Places Cyber Security Principles in order to help businesses and local authorities increase their defence against cybercrime as we build smarter cities.
These principles aim to improve the way Connected Places (also known as Smart Cities) are designed, built and managed. Principles are important when we consider the continued global ransomware attacks in recent times.
Fundamentally, the aim of a connected place is to enhance the quality of living for citizens through collaborative, interactive, and connected technology. Talking to Quadrant Smart, Ian McCormack, NCPS Deputy Director for Government, explained: “Cybersecurity should be considered at every stage of developing connected places, and in our Cyber Security Principles guidance, we have split considerations into three main areas.”
By having three simple areas of focus, there is hope that Connect Places can be safe and secure. Ian told Quadrant Smart: “The most important first step is to get to grips with what you want to achieve with your connected place; understanding the risks, the role of stakeholders and suppliers, their responsibilities for governance and any legal and regulatory requirements you might have.”
Secondly, the priority of anyone involved should be making sure their connected place is designed in a way that makes it resilient to cyber-attacks. “This means making sure that the infrastructure, processes and systems are secure by design” added, Ian.
Finally, the principle outlines: “It’s vital that connected places are operated securely throughout their lifecycles. This means managing vulnerabilities and maintaining secure configuration and access management, including throughout supply chains.”
Cybersecurity should be considered at every stage of developing connected places
Project fear or a wake-up call?
Cyber-attacks and cybersecurity dominate the headlines, but just how much of a threat are they?
Historically, as new technologies have arrived so have new fears ranging from damage to health all the way through to AI taking over the world. Despite the sci-fi movies of digital armageddon, the threat to Smart cities is real. We just have to look across the Atlantic to see the problems America are having controlling cybercrime.
“Because of the critical nature of services, connected places are an attractive target for cybercriminals. For example, ransomware poses a significant threat, which could lead to loss of service across the network of connected technologies or data breaches of sensitive data,” explained Ian.
This is why there has been a huge push to get every local authority on the same page. If connected systems are compromised, the consequences could impact the British public.
Ransomware poses a significant threat, which could lead to loss of service across the network of connected technologies or data breaches of sensitive data
Implications could range from breaches of privacy to the disruption or failure of critical functions. This could mean destructive impacts, which in some circumstances will directly impact the people living in the city.
There could also be impacts to the local authorities that are attacked. These could include a loss of reputation that could affect citizen participation or the financial impacts of dealing with the aftereffects of an attack.
Rounding up the interview Ian said: “By putting in place good cybersecurity practices and protections from the start, local authorities can help protect their citizens, keep their connected place operational and potentially save themselves money and reputational damage further down the line.”