Principles for designed-in security and privacy for smart cities

Abstract

This paper presents the design and implementation of a process for an exploratory study that identifies a set of principles for designed-in security and privacy for smart city projects from among Global City Teams Challenge (GCTC) - Smart and Secure Cities and Communities Challenge (SC3) participants. The study was conducted based on information from the National Institute of Standards and Technology (NIST) GCTC Action Clusters database and interactions with the project teams. A research process was developed and implemented, comprising the following three steps: (1) Investigate project descriptions created by the project leads on the NIST GCTC database and other public sources; (2) Gather additional input from volunteer GCTC collaborators; and (3) Identify a set of governing principles commonly shared by examples of GCTC projects. Based on the outcomes of this process, a set of common principles has been identified that enable designed-in security and privacy considerations among the projects: specific technology usage, implementation of a cybersecurity management process and framework, and cybersecurity expertise and public-private partnerships. Characteristics of planning and implementation of security and privacy considerations from four example GCTC projects are described and analyzed in detail to illustrate the process.