NCSC Publishes 14 Cyber Security Principles for Connected Places

Today, techUK welcomes the landmark publication of 14 cross-cutting cyber security principles for connected places which have been developed by the UK’s National Cyber Security Centre (NCSC)

These principles aim to provide system owners, designers, vendors, and operators with a guide for devising high-level requirements and principles to secure connected places- which are referred to in the publication as: 

communities that integrate information and communication technologies and IoT devices to collect and analyse data to deliver new services to the built environment, and enhance the quality of living for citizens 

Connected places are already being deployed to deliver better outcomes for our people, economy, society and planet. However, as indicated in a blog by the NCSC Technical Director, there is an urgent need to ensure that connected places are safe and resilient.  

The scale and sophistication of hostile activity is on the rise and the interdependent relationship that connected places have with core components of the UK’s critical national infrastructure (CNI) makes them an attractive target for a wide range of threat actors. 

As such, techUK warmly welcomes the release of these principles, which will help designers, owners and managers of connected place systems well-informed cyber security choices (and encourage the citizens who live and work there to trust these connected places). 

This guidance is primarily for UK local and national authorities responsible for the design, build, and operation of UK connected places. 

It is particularly relevant for risk owners, CISOs, cyber security architects and engineers, and other personnel who will be running the day-to-day operations of the connected places infrastructure. 

The NCSC recommends that these principles should be read in conjunction with advice from the Centre of Protection of National Infrastructure (CPNI), which focuses on physical and personnel security with a Security Minded approach to Smart Cities

Following the publication of these principles, the NCSC is now prioritising engagement with local authorities, wider HMG, industry, and academia to ensure that the cyber resilience of connected places continues to be recognised as a critical success factor for cities across the UK. 

techUK is delighted to be engaging closely with the NCSC team in this area and is in the process of providing targeted input via our cross-market, interdisciplinary Smart Cities Working Group (SCWG)- a collective of over 30 technology companies leading the way in the cyber-resilient application of connected place systems. 

Get in touch with Tom Henderson, Programme Manager for Smart Infrastructure & Systems at techUK ([email protected]) if you would like to learn more about the trajectory of our work in this area, or if you would like to provide us with your views on the principles released today.