The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC UK), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC NZ) recently released a joint guide: Cybersecurity Best Practices for Smart Cities.
Integrating public services into a connected environment can increase the efficiency and resilience of the infrastructure that supports day-to-day life in our communities. However, communities considering becoming “smart cities” should thoroughly assess and mitigate the cybersecurity risk that comes with this integration. This guide is intended to help communities navigate through this complex and important work.
The joint guide provides an overview of risks to smart cities, including expanded and interconnected attack surfaces; information and communications technologies (ICT) supply chain risks; and increasing automation of infrastructure operations. To protect against these risks, the government partners offer three recommendations to help communities strengthen their cyber posture: secure planning and design, proactive supply chain risk management, and operational resilience.
Strategies for secure planning and design include enforcing multifactor authentication, implementing zero trust architecture, protecting internet-facing services, and patching systems and applications in a timely manner.
Proactive supply chain risk management recommendations include setting clear requirements for software, hardware, and Internet-of-Things (IoT) supply chains, and carefully reviewing agreements with third-party vendors, such as managed service providers and cloud service providers.
In the event of a compromise, operational resilience strategies, such as workforce training and incident response and recovery plans, can prepare organizations to isolate affected systems and operate infrastructure with as little disruption as possible.
Today’s joint guide is a continuing example of the strong collaboration CISA has with our partners in the U.S. and around the globe to provide timely and useful cyber risk management guidance. The cybersecurity best practices outlined here are designed to help evolving connected communities better protect their infrastructure and sensitive data.
CISA Director Jen Easterly
The Cybersecurity Best Practices for Smart Cities guide is available to download from CISA. For more on CISA’s work to help cities and communities mitigate the cybersecurity risk, visit Connected Communities.