I am not going to reinvent the wheel here as whilst it is rare to find good business and system design guide principles the UK NCSC has detailed 5 key principles for cyber security which I think are very relevant to Smart City cyber security. The following table outlines each one as well as my highlighted key sections.
Link for more information on UK NCSC secure design information.
| Principle | Description | Key section |
| 1. Establish the context before designing a system | Before you can create a secure system design, you need to have a good understanding of the fundamentals and take action to address any identified short-comings. | 1.2 Understand the threat model for your system Smart City Threat Model |
| 2. Make compromise difficult | Designing with security in mind means applying concepts and using techniques which make it harder for attackers to compromise your data or systems. | 2.3 Gain confidence in crucial security controls Smart City Security Controls |
| 3. Make disruption difficult | When high-value or critical services rely on technology for delivery, it becomes essential that the technology is always available. In these cases the acceptable percentage of ‘down time’ can be effectively zero. | 3.4 Identify where availability depends on a third party and plan for the failure of that third party Smart City Threat Model |
| 4. Make compromise detection easier | Even if you take all available precautions, there’s still a chance your system will be compromised by a new or unknown attack. To give yourself the best chance of spotting these attacks, you should be well positioned to detect compromise. | 4.1 Collect all relevant security events and logs Smart City Threat Model |
| 5. Reduce the impact of compromise | Design to naturally minimise the severity of any compromise. | 5.4 Make it easy to recover following a compromise Smart City Security Controls |
Smart City Cyber Security 