Press Release

U.S., U.K., Australia, Canada and New Zealand Release Cybersecurity Best Practices for Smart Cities


Cybersecurity officials provide recommendations and resources to help communities balance efficiency and innovation with cybersecurity, privacy protections, and national security

WASHINGTON – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC UK), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC NZ) released today a joint guide: Cybersecurity Best Practices for Smart Cities.   

Integrating public services into a connected environment can increase the efficiency and resilience of the infrastructure that supports day-to-day life in our communities. However, communities considering becoming “smart cities” should thoroughly assess and mitigate the cybersecurity risk that comes with this integration. This guide is intended to help communities navigate through this complex and important work.  

The joint guide provides an overview of risks to smart cities, including expanded and interconnected attack surfaces; information and communications technologies (ICT) supply chain risks; and increasing automation of infrastructure operations. To protect against these risks, the government partners offer three recommendations to help communities strengthen their cyber posture: secure planning and design, proactive supply chain risk management, and operational resilience.

  • Strategies for secure planning and design include enforcing multifactor authentication, implementing zero trust architecture, protecting internet-facing services, and patching systems and applications in a timely manner.
  • Proactive supply chain risk management recommendations include setting clear requirements for software, hardware, and Internet-of-Things (IoT) supply chains, and carefully reviewing agreements with third-party vendors, such as managed service providers and cloud service providers.  
  • In the event of a compromise, operational resilience strategies, such as workforce training and incident response and recovery plans, can prepare organizations to isolate affected systems and operate infrastructure with as little disruption as possible.  

“Today’s joint guide is a continuing example of the strong collaboration CISA has with our partners in the U.S. and around the globe to provide timely and useful cyber risk management guidance,” said CISA Director Jen Easterly. “The cybersecurity best practices outlined here are designed to help evolving connected communities better protect their infrastructure and sensitive data.” 

“As our communities and public services increase their digital connectivity, it’s imperative that we balance new technological integration with good cyber security. The Canadian Centre for Cyber Security is happy to join our international partners to provide recommendations and best practices to help protect smart city technology. Together we can ensure that our communities are safely connected and prepared for any risks that lie ahead,” said Sami Khoury, Head of the Canadian Centre for Cyber Security.  

“Connected places have the potential to make everyday life safer and more resilient for citizens; however, it’s vital the benefits are balanced in a way which safeguards security and data privacy,” said Lindy Cameron, NCSC-UK CEO. “Our new joint guidance will help communities manage the risks involved when integrating connected technologies into their infrastructure and take action to protect systems and data from online threats.” 

“Smart city technologies provide opportunities for more innovative and sustainable communities, but they also broaden the attack surface and risks to our security and critical infrastructure,” said Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre. “This guidance helps forward-thinking communities to securely integrate new technologies into existing infrastructure, ensuring the resilience and protection of the data, systems and interconnected infrastructure we need for our daily lives and business.” 

“The digital transformation of infrastructure can improve daily life, but increased connectivity may also expand attack surfaces and introduce new risks. No technology solution is completely secure. This guidance is a useful resource for organisations and communities seeking to balance innovation with cyber security,” said Lisa Fong, NCSC-NZ Deputy Director-General.

For more on CISA’s work to help cities and communities mitigate cybersecurity risk, visit Connected Communities.

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit for more information and follow us on Twitter, Facebook, LinkedIn, Instagram