How UK councils have tackled cyber security challenges to benefit their communities

The deadline for local authorities to register for the Secure Connected Places research project is Friday 23rd June

Connected places (also known as smart cities) are community-based locations that use technologies, enabling local authorities to enhance the quality of living for citizens.

With sensors, hardware, networks and applications used for connected places, local authorities can leverage insights to improve services from transport to utilities and more. However, there’s a risk of cyber attacks if the relevant security solutions aren’t in place to support the technology.

It was upon this foundation that Plexal started working on the Secure Connected Places research project with the Department for Science, Innovation and Technology (DSIT) in 2022 – work that’s continued into 2023. Together, we’ve worked with six local authorities – of differing locations, technical maturities and sizes – to respond to their security challenges linked to connected places. 

The result was a set of practical and accessible resources that support the cyber security of connected places – the Secure Connected Places Playbook. And now we have an opportunity for more local authorities to join the next stage of our programme.

To further refine and improve the alpha Playbook, Plexal and DSIT are working on a beta phase of the project, which will conduct more in-depth testing on the alpha Playbook with a larger cohort of local authorities.

Working with this cohort, beta testing will ensure that the alpha Playbook resources work for the practical needs of local authorities and identify whether any additional support is required.

Demonstrating the diverse needs of local authorities and the project participation benefits they experienced, we’ve rounded up the individual requirements of the councils we worked with and how they used the Secure Connected Places Playbook for a solution.

Westminster City Council

Westminster City Council had been developing a Smart City Operating System, a data sharing platform to drive economic and social value. The issue was uneven cyber security awareness across the organisation. Through the Playbook, Westminster City Council has since begun running sessions, delivering presentations to raise awareness across teams, which has unlocked new connected places service areas for another department.

Perth & Kinross Council

Perth & Kinross Council has an increasing interest in deploying the Internet of Things (IoT) for projects including smart waste and intelligent street lighting, resulting in development of an IoT Roadmap. Having joined the Secure Connected Places research project and picking up on the recommendations of the IoT Roadmap report, the council has been able to improve risk management and governance. 

Merthyr Tydfil County Borough Council 

Merthyr Tydfil County Borough Council was early in the development of its connected places projects, completing cyber assessments for all campaigns which were driven by a strong working relationship between the CISO, Data Protection Officer and procurement. A lack of corporate risk management and awareness among project teams meant a cyber security knowledge gap. Merthyr Tydfil County Borough Council applied guidance from the governance in a box resource improving the profile of connected places and processes for teams.

City of Bradford Metropolitan District Council

Bradford Council found little guidance on how to secure connected technologies when beginning its connected places journey, especially around IoT. The STRIDE-based threat analysis resource has since helped Bradford Council to address security issues before deploying technology and strengthen their pre-engagement process with potential suppliers. 

Dorset Council

Dorset Council has a well-functioning and mature procurement and supply chain management process, but there was a need to upskill colleagues outside of that field to understand cyber security considerations. Dorset Council has used learnings from the Secure Connected Places Playbook to enhance processes and internal expertise, better positioning for a suitable cyber security response to connected places projects.

South London Partnership

The South London Partnership has been shifting adult social care from analogue to digital, which has meant implementing an increased amount of IoT devices and solutions. Through the STRIDE methodology, the SLP successfully improved its threat analysis process to understand potential risks and resultant impacts, improving the ability for staff to conduct investigations.

If you’re interested in enhancing your connected places, visit our Secure Connected Places page for full information and the chance to get involved with our beta phase.