Connected Communities

Connected Communities leverage networks of connected technologies to provide more efficient, innovative, and sustainable infrastructure across the nation.

Increasingly, localities across the United States and internationally are implementing “smart” connected technologies across critical infrastructure sectors, seeking cost-savings and enhanced quality-of-life for their citizens. The interconnectedness and interdependence of these smart technologies provides a community with many benefits while also introducing an expanded attack surface, increasing the potential for malicious activity and cybersecurity compromise.

CISA’s Role

The Connected Communities Initiative (CCI) represents a shift in CISA’s focus from exclusively supporting security of 5G networks, to a comprehensive examination of the technologies in which those networks enable. Integrating a greater number of infrastructure systems into a single network environment increases opportunities for threat actors to successfully exploit a vulnerability for initial access, move laterally across networks and cause cascading, cross-sector disruptions of infrastructure operations. The possible impacts due to these risks have prompted CISA, through the National Risk Management Center (NRMC), to establish this initiative to develop, organize, and coordinate risk mitigation strategies relating to smart and connected technologies.

Risks to Connected Communities

Connected Communities represent an opportunity, especially for state and local governments, to improve the lives of their constituents through technological innovation and data-driven decision making. However, the increased reliance of critical infrastructure operations on converged information technology (IT) and operational technology (OT) systems to operate, could potentially lead to disruptions of service or critical processes, resulting in significant cascading impacts throughout U.S. critical infrastructure.

The compromise of smart and connected technologies could introduce new risks to infrastructure operations of State, Local, Tribal, and Territorial (SLTT) stakeholders which, if exploited, could impact critical infrastructure operations and the security of sensitive government and personal data. CISA is committed to working with government, industry, and international partners to develop, organize, and coordinate risk mitigation strategies relating to smart and connected technologies.

Product Survey Feedback

Let's Get Started

We welcome your feedback! Please share your thoughts about CCI products through this voluntary, anonymous Product Feedback Survey.

Product Feedback Survey

Lines of Effort

The NRMC has identified an initial set of four Lines of Effort (LOE) targeted to address the risks that smart connected technologies pose to National Critical Functions (NCFs) and critical infrastructure. The following LOEs will be planned and executed in close collaboration with key partners:

Risk Analysis

Assess the risks, both cyber and physical, that smart technologies pose to Connected Communities stakeholders.

Stakeholder Engagement

Establish an inward and outward flow of trusted information to understand obstacles and success, and disseminate lessons learned and best practices relating to the development, deployment, and employment of smart and connected technologies.

Product Development

Create products and resources that promote the secure and resilient deployment of smart technologies by Connected Communities stakeholders.

Support Policy and Standards Development

Act as a trusted voice, offering sound risk management principles and perspectives, within the Federal and SLTT policy and standards community to inform the development of policy and standards.

Related Resources

View more resources

Internet of Things (IoT) Acquisition Guidance Document

PUBLICATION

Identifies considerations for the purchase of IoT devices, systems, and services.

Download File (PDF, 3.03 MB)

How to Write a Connected Community Strategy