There is no one pathway to effective cyber security for connected places systems and organisations need to share best practice, according to newly published research on the issue.
The Department for Science, Innovation and Technology (DSIT), has published the report on an international evidence project carried out by innovation company Plexal.
It comes in response to a growing awareness of the cyber vulnerabilities of connected places – often referred to as smart cities.
Among the report’s conclusions is that there is no single approach to ensure their security, and that different countries are taking different approaches to providing guidance to public and private organisations – often with nuances within each country.
This has led to some cities, such as Brussels in Belgium, developing localised guidance, regulation and principles for cyber security.
Singapore shows leadership
But the report says it is key to share best practice in-country, and globally, wherever possible. It cites Singapore as one of the most advanced smart cities in the world, pointing out it has developed cyber security labs, policies and strategies to protect the digital infrastructure of connected places.
It also refers to US SuperClusters, in which the US government has sponsored the development of groups of organisations focused on different technology verticals.
“That structure has now been owned regionally, showing that with the right stimulus, regional bodies can take responsibility for security in their area and make sure that those nuanced requirements are addressed,” it says.
The conclusions also include the need for national and regional governments to ensure that organisations comply with guidance, and to address the ethical concerns in areas such as the deployment of surveillance technologies.
The report adds: “The pinnacle of international best practice sharing is when countries can come together to develop cross-border standards. This is a big driver for the manufacturers of connected technologies to bring their solutions in line with what those governments expect, as their addressable markets now all require the same level of security built into the hardware or software by design.
“It’s key to avoid specifics that favour just one country, but if done correctly, these sorts of standards could be extremely effective.”
Greater attack surface
An insight into DSIT’s perspective was provided at last week’s UKAuthority’s Smart Places and Communities conference by Andrew Elliot, deputy director of cyber security, innovation and skills at DSIT.
“As we connect different technologies across realms in a single place, we are creating a greater attack surface and increasing potential risk from wider cyber threats,” he said. “Often in this environment there are different systems that have been brought together with no clear lines of accountability or responsibility for security; the boundaries are sometimes unclear.
“So to achieve the benefits of connected places in a safe and secure way we’ve been working to try to ensure security is one of the key building blocks as organisations invest in this kind of infrastructure.”
He referred to DSIT’s publication earlier this year of the Secure Connected Places Playbook for local authorities, which covers several key cyber security challenges, and said it will work with partners to simplify the guidance.