Cyber-Liabilities  for Connected Places

As the world continues to become more dependent on technology, many individuals, organisations and even places may now exist in a state of being consistently connected with each other. As such, the National Cyber Security Centre (NCSC) has released new cyber-security guidance for connected places.

Connected places—often referred to as smart cities—may offer a variety of different conveniences related to technology. The primary goal of a connected place is to improve and enhance daily quality of life for its associated citizens. Technology may be able to optimise the following operations in a connected place:

  • Traffic light management
  • Closed-circuit television services
  • Street light management
  • Parking management
  • Transport services
  • Waste management

However, it’s important to understand that with technology becoming more involved in everyday life, there may also be additional cyber-exposures.

The NCSC guidance is of particular relevance for risk owners, chief information security officers, cyber-security architects, engineers and other personnel who may be responsible for the day-to-day operations of the infrastructure in connected places.

While having consistent connections between all corners of a smart city may offer convenience and expedite certain tasks, this also means that some systems will be tempting targets for cyber-criminals. In the event that a connected place’s systems are compromised, it could affect not only public infrastructure, but also the private and sensitive data of employers or ordinary citizens. In particular, local authorities could be at risk of having information stolen and experiencing reputational damage.

The NCSC has set its focus on educating local authorities about how the systems and technology of a connected place must be managed. Three of the NCSC’s highest priorities are:

  1. Using thorough analysis and management of any potential threats or vulnerabilities to assure citizens in connected places that their data will be kept safe
  2. Protecting the services of connected places by enhancing cyber-resilience
  3. Securing connected places by working with the Centre for the Protection of National Infrastructure and other partners to support national, local and regional authorities

For more details on the NCSC’s connected places guidance, click here.

Understanding Asset Management within Connected Places    

When considering optimal cyber-security practices, it’s important for organisations to have a complete understanding of what they are protecting. Having detailed information on every organisational asset is key for being able to properly assess cyber-security needs and potential cyber-risks.

An asset can be defined as anything that produces value for an organisation. This may include intellectual property and customer data. Managing these assets properly can help employers in various aspects of organisational cyber-security. For example, risk management cannot be conducted accurately if the assessment does not include certain cyber-related assets.

When approaching asset management for cyber-security purposes, organisations should consider the following steps:

  • Check assets regularly. Continuously assess and account for assets to maintain an accurate inventory and detect potentially unauthorised changes.
  • Stay on the same page. Make asset-related records available to all stakeholders and necessary personnel, and ensure that all parties agree upon the findings.
  • Keep detailed records. As information related to assets is regularly collected, make sure that timestamps or confidence scores are used to demonstrate if the records may be outdated or uncertain.
  • Consider confidentiality. Limit access to all assets. Consider which assets are relevant or necessary for certain employees to access and consider blocking others.
  • Categorise assets accordingly. Sorting assets into various levels based on importance can help with assessing risk levels and cyber-security measures.

Poor asset management can create major weaknesses in cyber-security. For more information on this subject, click here.