Connected Communities are communities (e.g., rural, suburban, and urban) which leverage networks of connected technologies to provide more efficient, innovative, and sustainable infrastructure across the nation.
Increasingly, localities across the United States and internationally are implementing “smart” connected technologies across critical infrastructure sectors, seeking cost-savings and enhanced quality-of-life for their citizens. The interconnectedness and interdependence of these smart technologies introduces an expanded attack surface, increasing the potential for malicious activity and, ultimately, cybersecurity compromise.
The Connected Communities Initiative (CCI) represents a shift in CISA’s focus from exclusively supporting the security and resilience of 5G networks, to the comprehensive examination of the technologies in which those networks are intended to enable. Integrating a greater number of previously separate infrastructure systems into a single network environment expands the digital attack surface, increasing opportunities for threat actors to successfully exploit a vulnerability for initial access, move laterally across networks, and cause cascading, cross-sector disruptions of infrastructure operations. The possible impacts due to these risks have prompted CISA, through the National Risk Management Center (NRMC), to establish this initiative to develop, organize, and coordinate risk mitigation strategies relating to smart and connected technologies.
Joint U.S. & international guide to help communities considering smart city technologies understand cybersecurity risks that comes with this integration and best practices to strengthen their cyber posture.
CISA campaign on the importance of building cybersecurity into the design and manufacture of technology products.
Risks to Connected Communities
Connected Communities represent an opportunity, especially for state and local governments, to improve the lives of their constituents through technological innovation and data-driven decision making. However, the increased reliance of critical infrastructure operations on converged information technology (IT) and operational technology (OT) systems to operate, could potentially lead to disruptions of service or critical processes, resulting in significant cascading impacts throughout U.S. critical infrastructure.
The compromise of smart and connected technologies could introduce new risks to infrastructure operations of State, Local, Tribal and Territorial (SLTT) stakeholders which, if exploited, could impact critical infrastructure operations and the security of sensitive government and personal data. CISA is committed to working with government, industry, and international partners to develop, organize, and coordinate risk mitigation strategies relating to smart and connected technologies.
Lines of Effort
The NRMC has identified an initial set of four Lines of Effort (LOE) targeted to address the risks that smart connected technologies pose to National Critical Functions (NCFs) and critical infrastructure. The following LOEs will be planned and executed in close collaboration with key partners:
Assess the risks, both cyber and physical, that smart technologies pose to Connected Communities stakeholders.
Establish an inward and outward flow of trusted information to understand obstacles and success, and disseminate lessons learned and best practices relating to the development, deployment, and employment of smart and connected technologies.
Create products and resources that promote the secure and resilient deployment of smart technologies by Connected Communities stakeholders.
Support Policy and Standards Development:
Act as a trusted voice, offering sound risk management principles and perspectives, within the Federal and SLTT policy and standards community to inform the development of policy and standards.