Secure connected places (smart cities) guidance collection
A collection of important guidance on the security of connected places, also known as smart cities.
Documents
Details
This collection brings together key government guidance on the security of connected places (also known as ‘smart cities’). If you buy or operate connected places technologies, this collection will help guide security decisions and processes on the design, implementation and management of your connected place.
About the guidance
This is a comprehensive collection of government guidance on the security of connected places. The guidance has been developed by a range of organisations, often in partnership with local authorities, and drawn together by the Department for Science, Innovation and Technology (DSIT). It will help buyers and operators of connected places technology have greater confidence in the security and resilience of their connected place technologies and the information they generate.
By following this guidance, you can make your connected places systems more resilient to cyber security threats, helping you to avoid the related adverse effects of an incident such as personal data loss, reputational damage and loss of user trust.
What is a connected place/smart city?
A ‘connected place’ is defined by the National Cyber Security Centre (NCSC) and the National Protective Security Authority (NPSA) as “a community that integrates information and communication technologies and Internet of Things (IoT) devices to collect and analyse data to deliver new services to the built environment, and enhance the quality of living for citizens”. A connected place will use a system of sensors, networks and applications to collect data to improve its operation, including its transportation, buildings, utilities, environment, infrastructure and public services.
Connected places can provide a range of functions and services to citizens. However, strengthening and maintaining cyber resilience within these technological systems and the security-mindedness of the people deploying them is crucial to ensure connected places are adequately ‘secure’ and associated data is protected. Where reference is made to ‘connected places technologies’ this refers to the technology that commonly underpins a connected place system.
Content
This guidance collection has been categorised into the following 7 sections:
- Foundation: aimed at providing all roles within an organisation with a grounding in securing connected places
- Designing your connected place to be resilient: sets out how connected places can be designed to be resilient to cyber attacks or other security events
- Designing and managing your connected place architecture: outlines the structures, principles and activities you need to consider and implement to give confidence in the architecture of a connected place
- Designing and managing your connected places system administration: sets out an overview to secure system administration design and management
- Designing your connected place to protect its data: outlines key considerations and best practice to design a connected place to protect its data
- Managing incidents and planning your response and recovery: to assist with the creation and maintenance of your cyber incident response procedures.
- Managing your connected place’s procurement and supply chain: outlines considerations when assessing supplier security practices and the supplier’s supply chain.
Further support
If you would like to get in touch with a question relating to the security of your connected place, please get in touch.
For guidance-specific information
Contact the National Cyber Security Centre at [email protected]
Contact the National Protective Security Authority (NPSA) using the contact form on the NPSA website.
For policy information
Contact DSIT at [email protected]
This new guidance collection was published on 15 December 2021.
Updates to this page
Published 25 October 2021Last updated 10 July 2023 + show all updates
-
Updated to include the Secure Connected Places Playbook guidance.
-
Added "Mapping your supply chain" - new guidance from the National Cyber Security Centre.
-
Added two new pieces of guidance to the to the “Managing your connected place’s procurement and supply chain” page.
-
A comprehensive new guidance collection on secure connected places for local authorities and others involved in "smart cities." This collection has been tested with users and revised and updated in response to their feedback.
-
First published.