Executive Summary

            Smart  sustainable  cities  (SSC)  are  highly  dependent  on  information  and  communication
            technologies (ICTs), including Internet of Things (IoT), radio frequency identification (RFID), and
            machine‐to‐machine (M2M). The advanced underlying infrastructure not only resolves the need for
            hyper‐connectivity for smart sustainable city components and services, but also introduces higher
            levels of complexity and higher volumes of data. Increased system complexity opens new doors and
            opportunities for malicious cyberattacks and data loss in the case of serious incidents, including
            natural disasters. The linkages that exist between the higher levels of complexity, connectivity and
            data volumes that characterize SSC, which together lead to exacerbated levels of vulnerability to
            security threats, can be summarized as follows:

                    Hyper complexity + hyper connectivity + hyper data volumes = hyper vulnerability

            Given the increasing interconnectedness of smart sustainable city environments, security incidents
            can  prove  highly  penalizing  for  the  systems  they  affect,  for  the  city  services  they  control,  and
            ultimately for the citizens and end users of the services.

            A very compelling need for SSC is therefore to guarantee the protection of the relevant ICT systems
            and the various technologies involved, as well as the data used to govern the systems and the
            services.
            Cybersecurity, information protection and system resilience constitute political and governance
            issues at the forefront of new developments in this field. As they closely relate to both governance
            and policy, they require the attention of public administrators and decision‐makers, especially given
            the potential effects of malicious attacks and disasters on critical ICT systems and infrastructure,
            including citizens' deprivation of essential services, from transportation to utilities (e.g. smart grid,
            water management), health care, emergency services, and public safety, among others.

            With  appropriate  processes  in  place,  multi‐stakeholder  collaboration  and  good  governance,
            technology can provide tangible solutions to issues related to cybersecurity, information protection
            and system resilience.

            Within  this  context,  this  Technical  Report  provides  a  detailed  account  of  the  potential  cyber‐
            vulnerabilities of SSC, and a set of Recommendations to ensure the protection and resilience of the
            services offered to the citizens.
            This Technical Report is structured around nine sections.

            Section 1 provides the introductory background and scope. Section 2 provides working definitions
            for the notions that are at the core of this Technical Report, namely "resilience", "cybersecurity"
            and "data protection". Section 3 describes the main implications of ICT use in the contexts of SSC. It
            explores the IoT, the rising technology at the base of the SCC paradigm, as well as other ICTs that
            introduce new potential threats to the integrity and security of the systems involved. Section 4
            provides  a  general  overview  of  the  technical  architecture  of  SSC  in  order  to  contextualize  the
            analysis and to illustrate the complex security challenges faced by SSC strategists and implementers.
















            426                                                      ITU‐T's Technical Reports and Specifications