Cabinet Office document on cyber security in science and technology points to vulnerabilities in the internet of things
The Government is to advocate a ‘secure by default’ principle in technology used for smart places, with cyber security being a cornerstone of their designs.
The commitment has been included in a new Interim Cyber Security Science & Technology Strategy, published by the Cabinet Office as an element of the National Cyber Security Strategy.
It points to several elements of smart cities’ development, and the use of internet of things (IoT) devices that will cause headaches around cyber security. These include the security of end point devices; ensuring all devices and networks are built with security by default in mind; that there is appropriate identity management, authentication and authorisation; and that data from new sources – such as GPS satellites and radio telescopes – is protected.
The document says the secure by default principle should be a key feature in responding to the threats, and points to a handful of initiatives that will support the effort.
Among the initiatives highlighted in the strategy are the Department for Digital, Culture, Media and Sport’s (DCMS) review of government’s role in ensuring the generation of consumer connected devices and services are secure by default, and its work with other departments in the field.
DfT action plan
The Department for Transport has a project to develop a smart city action plan aimed at local authority leaders, which should deal with some of the barriers including cyber, physical and personnel security.
Another is the Digital Built Britain programme, which covers the use of digital tools such as building information modelling (BIM) in designing assets. This should involve coordinated technical standards to ensure there are seamless links in the technology and provide security.
Similarly, the British Standards Institution is working on standards for smart places that will set out requirements for a security-minded approach, covering governance, physical, personnel and cyber security.
“We must ensure the public and all organisations, large and small, can protect themselves against the cyber threats from emerging technologies,” the strategy says. “IoT devices are recognised as introducing vulnerabilities to the economy that the public could help address while protecting their own devices from abuse.”
The document also points to the potential for using artificial intelligence as a key tool in identifying and responding to cyber threats. It can analyse data flowing across networks to spot anomalies and threats, and ensure there is an immediate response to prevent any damage.
Image: Harland Quarrington/MoD, Open Government Licence v1.0 through Wikimedia