Skip to main content
close search
site logo
Dive Brief

Cybersecurity best practices for smart cities issued by CISA

Published April 21, 2023
Michael Brady's headshot
Michael Brady Senior Editor
A creative image depicting cybersecurity that includes a lock.
greenbutterfly/iStock/Getty Images Plus via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday published a cybersecurity best practices guide for smart cities, warning that municipalities should carefully evaluate and address cybersecurity risks associated with connected public services and infrastructure. 

  • Communities should integrate cybersecurity strategy and risk management in their smart city technology plans and proactively manage supply chain risk to ensure all hardware and software are secure, the guide states.

  • To ensure that vital public services and infrastructure continue functioning if there’s a cybersecurity event, operational resilience is essential, according to the report. “The organizations responsible for implementing smart city technology should develop, assess, and maintain contingencies for manual operations of all critical infrastructure functions and train staff accordingly,” it says.

Dive Insight:

Smart cities are vulnerable to cybersecurity threats because they often collect, transmit and store large amounts of “sensitive information from governments, businesses, and private citizens,” the report says. The AI-powered software at the heart of many smart city solutions is also susceptible to attack, the report says. 

“The intrinsic value of the large data sets and potential vulnerabilities in digital systems means there is a risk of exploitation for espionage and for financial or political gain by malicious threat actors, including nation-states, cybercriminals, hacktivists, insider threats, and terrorists,” the report says. 

The report recommends several strategies to employ in smart city security planning and design:

  • Apply the principle of least privilege, which the National Institute of Standards and Technology defines as “the principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function,” according to the report.
  • Implement multifactor authentication on local and remote accounts.
  • Build zero-trust architecture that “requires authentication and authorization for each new connection.” 
  • Manage changes to internal architecture, including communications between subnetworks.
  • Quickly apply patches for hardware and software and, as much as possible, enable automatic updates. 

Other recommendations include securing vulnerable devices using virtual private networks and protecting smart city assets against theft and unapproved physical changes. 

The report calls for localities to develop processes to back up smart city systems and data, train their workforce, and develop and practice incident response and recovery plans to improve operational resilience.

In addition, it provides resources to help smart city leaders proactively manage supply chain risk, including hardware and IoT devices, software, and managed and cloud service providers. 

CISA developed the best practices guide in partnership with the National Security Agency, the Federal Bureau of Investigation and cybersecurity agencies in Australia, Canada, New Zealand and the United Kingdom.

Recommended Reading

Editors' picks

  • Aerial view of white bullet train in motion.
    Image attribution tooltip

    Kyodo/AP

    Image attribution tooltip
    Deep Dive

    Is US high-speed rail finally on a roll?

    With two projects underway, business, labor and government leaders see the dawn of a new industry that “could be a very important part of the U.S. economy,” said Transportation Secretary Pete Buttigieg.

    By Dan Zukowski and Shaun Lucas • Oct. 30, 2024
  • Aerial view of vegetation on the roof of a large building.
    Image attribution tooltip
    hapabapa via Getty Images
    Image attribution tooltip

    How US cities are investing in green infrastructure

    The nation’s largest city is spending millions on porous pavement while communities in the Midwest are greening neglected alleys to mitigate flooding.

    By Ysabelle Kempe • Oct. 24, 2024

Company Announcements

View all | Post a press release
How Local Governments Can Leverage Smart City Indicators to Enhance Urban Competitiveness
From Market Intelligence & Consulting Institute(MIC)
November 20, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
  • Aerial view of white bullet train in motion.
    Image attribution tooltip

    Kyodo/AP

    Image attribution tooltip
    Deep Dive

    Is US high-speed rail finally on a roll?

    With two projects underway, business, labor and government leaders see the dawn of a new industry that “could be a very important part of the U.S. economy,” said Transportation Secretary Pete Buttigieg.

    By Dan Zukowski and Shaun Lucas • Oct. 30, 2024
  • Aerial view of vegetation on the roof of a large building.
    Image attribution tooltip
    hapabapa via Getty Images
    Image attribution tooltip

    How US cities are investing in green infrastructure

    The nation’s largest city is spending millions on porous pavement while communities in the Midwest are greening neglected alleys to mitigate flooding.

    By Ysabelle Kempe • Oct. 24, 2024
Latest in Transportation
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell