Connected Communities

Connected Communities are communities (e.g., rural, suburban, and urban) which leverage networks of connected technologies to provide more efficient, innovative, and sustainable infrastructure across the nation.

Increasingly, localities across the United States and internationally are implementing “smart” connected technologies across critical infrastructure sectors, seeking cost-savings and enhanced quality-of-life for their citizens. The interconnectedness and interdependence of these smart technologies introduces an expanded attack surface, increasing the potential for malicious activity and, ultimately, cybersecurity compromise. 

CISA’s Role

The Connected Communities Initiative (CCI) represents a shift in CISA’s focus from exclusively supporting the security and resilience of 5G networks, to the comprehensive examination of the technologies in which those networks are intended to enable. Integrating a greater number of previously separate infrastructure systems into a single network environment expands the digital attack surface, increasing opportunities for threat actors to successfully exploit a vulnerability for initial access, move laterally across networks, and cause cascading, cross-sector disruptions of infrastructure operations. The possible impacts due to these risks have prompted CISA, through the National Risk Management Center (NRMC), to establish this initiative to develop, organize, and coordinate risk mitigation strategies relating to smart and connected technologies.

Risks to Connected Communities

Connected Communities represent an opportunity, especially for state and local governments, to improve the lives of their constituents through technological innovation and data-driven decision making. However, the increased reliance of critical infrastructure operations on converged information technology (IT) and operational technology (OT) systems to operate, could potentially lead to disruptions of service or critical processes, resulting in significant cascading impacts throughout U.S. critical infrastructure.

The compromise of smart and connected technologies could introduce new risks to infrastructure operations of State, Local, Tribal and Territorial (SLTT) stakeholders which, if exploited, could impact critical infrastructure operations and the security of sensitive government and personal data. CISA is committed to working with government, industry, and international partners to develop, organize, and coordinate risk mitigation strategies relating to smart and connected technologies.