Guidance on how to take a security-minded approach to developing smart cities
Last updated: 30 September 2020
The underlying premise of smart cities is that greater availability of data and information, integration of services and systems, and outcome-based contracting can increase the capacity, efficiency, reliability and resilience, and thereby availability, of existing assets to enable enhanced service provision for its citizens.
A key purpose of a smart city is to join up specific vertical sectors (e.g. utilities, transport, health, etc.) across organisational boundaries into a whole-city approach for the creation, delivery and use of city spaces and services. These changes should allow the city to:
- take better account of the needs of current and future citizens;
- integrate physical and digital planning;
- more efficiently and sustainably identify, anticipate and respond to emerging challenges, including emergency situations; and
- increase the capacity for service delivery and innovation which in turn has the capability to drive efficiencies and effectiveness.
Advancements in digital engineering, information and communication technologies are significant enablers of these changes. However, the increased use of, and dependence on, these technologies, especially when coupled with much wider sharing and use of city data and information, and new service delivery models, also creates significant vulnerabilities and associated security issues. A range of threat actors might seek to make use of these vulnerabilities in order to compromise the value, longevity and ongoing use of a city’s built assets and services, as well as the safety and security of its citizens.
The approach to security that is developed within a smart city will therefore need to differ from any security-minded policies and processes that might already be in place within an individual local authority or other service delivery organisation as it needs to respond to the new or enhanced vulnerabilities created by changes to existing ways of working.