Page 439 - Shaping smarter and more sustainable cities - Striving for sustainable development goals
2 Key definitions
The notions of "resilience", "cybersecurity" and "data protection" are gaining increasing
momentum, and are becoming extremely pertinent in a smart sustainable city context as they relate
to the risks posed to service continuity by threats from cyberspace. While available literature in
this field offers a wide range of definitions for these terms³, which often vary according to the area
or the sector of implementation, the following constitute the working definitions that will be used
for the purposes of this Technical Report:
a. Resilience
ITU‐T Study Group 17 (SG17) defines resilience as the "Ability to recover from security compromises
or attacks."
The FG‐SSC has noted the ITU‐T Study Group 17 Recommendations related to Cybersecurity
Information Exchange (CYBEX), X.1500‐Series. (ITU‐T X.1500‐Series Recommendations).
Complementing this focus, a recent ITU report on 'Resilient Pathways' defines resilience as "The
ability of a system or a sector to withstand, recover, adapt, and potentially transform in the face of
stressors such as those caused by climate change impacts".⁴
This Technical Report suggests that the resilience of ICT systems is linked to a series of attributes,
which can be linked to security as follows:
• Robustness and ability to maintain performance and to continue operating, even under a
  cyber‐attack or other incident (e.g. natural disaster).
• Redundancy of system components that allow the system to resume operations, within a
  defined delay of time, in case of abrupt interruption, total or partial.
• Flexibility and adaptability to new circumstances, including the systems' ability to prepare for
  future threats by adjusting/rectifying issues that allowed the incident to occur, or that took place
  during an incident.
Achieving resilience and cyber resilience in an SSC context will ensure service continuity to its citizens.
b. Cybersecurity
This concept refers to the discipline of ensuring that ICT systems are protected from attacks and
incidents, whether malicious or accidental, threatening the integrity of data, their availability or
confidentiality, including attempts to illegally "exfiltrate" sensitive data or information out of the
boundaries of an organization.
3 For example, the U.S. Department of Homeland Security refers to resilience as "The ability to prepare for
and adapt to changing conditions, and withstand and recover rapidly from disruptions. Resilience includes
the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or
incidents". The Information Security Forum defines cyber‐resilience as "The organisation's capability to
withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and
unexpected threats from activities in cyberspace", while the World Economic Forum (WEF) refers to it as
"The ability of systems and organisations to withstand cyber‐events, measured by the combination of
mean time to failure and mean time to recovery".
4 Ospina, A.V., Bueti, C., Dickerson, K., and Faulkner, D. (2013), Resilient Pathways: The Adaptation of the ICT
Sector to Climate Change, International Telecommunication Union (ITU), Geneva, Switzerland. Available at:
http://www.itu.int/en/ITU‐T/climatechange/Documents/Publications/Resilient_Pathways‐E.PDF.
ITU‐T's Technical Reports and Specifications 429