Standards and Best Practice to support Smart City Cyber Security and City Regulation and Compliance

As more technology is designed and developed for smart cities, to manage individual services or complex platform solutions, these technologies will be governed by compliance and regulation to control use and operation. Their generation and management of data will be a key focus as well as how they are secured and monitored. It is this data that may be a “Focus of Interest” for some attack actors or the disruption or sabotage of it that is of interest to others. The following articles are an interesting look at the range of regulatory challenges and complex integration issues.

The second challenge is then the role of integrating Smart City Policy and Regulation with Cyber Security standards and best practice. The range of cyber security standards and regulations currently available provide a combination of guidance, best practice, dependencies and principles to help define and support the capabilities required to protect Smart Cities. They may not be specific to smart cities as yet but they have been developed and refined over recent years and the instruction is very valid. In many cases, much of the criteria for a security capability should come from current standards and best practice until specific guidance is produced.

Implementing part or all of a standard may increase the effectiveness and maturity of a capability. This is particularly important for the key Detect and React capabilities which will focus on the means to identify a threat and how to respond to it. Regulations for Smart Cities and various Smart Services may well come into force as defined by individual Governments as well as Standards that City Administrators will need to consider in order to direct cyber security services.