As an increasing number of experiences suggest, mobile technologies improve the collaboration of
                                                                                                    6
            users and the connectivity of smart devices across widely distributed infrastructure assets .
            The European Network and Information Security Agency (ENISA) indicates that "processes" are seen
            as the most important pillar to secure critical infrastructures and industrial control systems (ICSs) –
            much more important than technology and people. Therefore, focusing solely on IT data centers
            and  operation  control  centers  is  not  enough.  As  the  supply  chain  and  technical  infrastructure
            domains become highly complex, a comprehensive end‐to‐end approach is necessary. Each part of
            the industry value chain needs to be analysed, assessed and secured – but not in an isolated way.

            Governance, Risk and Compliance (GRC) is a key discipline for public sector organizations. GRC is to
            be fulfilled through policies and processes, enabled by ad hoc IT suites conceived to ensure that IT
            departments monitor their environment against the evolving regulation scenarios, and involves
            taking appropriate action to stay compliant and mitigate risks.

            SSC security officers should consider the following measures as part of their GRC framework, and as
            part of their overall SSC security strategy:

              Embedding security with data to achieve confidentiality, integrity and authentication.
              Managing smart endpoints and embedded systems, as SSC will need to manage an increasing
                number of smart devices and secure data, identity and services across the entire supply chain,
                to avoid these devices being compromised and opening an additional threat vector.
              Protecting data explosion, including real‐time information, which involves a sound management
                approach to storing, protecting, backing‐up, archiving and retrieving data whenever needed.


            4       Architecture of SSC



            In order to provide a general background of the complex architecture that characterizes SSC, this
            section provides an overview of a sample configuration of SSC infrastructure. Gaining awareness of
            the  complex,  multi‐layered  architecture  of  SSC's  infrastructure  constitutes  an  important  step
            towards the design of a comprehensive, system‐wide cybersecurity strategy.

            The architecture of SSC is divided into a sensing layer, a communication layer, a data layer and an
            application layer (Figure 1 from bottom to top), and is overseen by the SSC security system. Each of
            these components is explained in detail in the FG‐SSC Technical Report on “Overview of smart
                                            7
            sustainable cities infrastructure” .


















            6   Examples are available in the FG‐SSC deliverable, Technical Report on overview of smart sustainable cities
               infrastructure. Available at http://www.itu.int/en/ITU‐T/focusgroups/ssc/Pages/default.aspx.
            7   FG‐SSC deliverable, Technical Report on overview of smart sustainable cities infrastructure. Ibid.


            ITU‐T's Technical Reports and Specifications                                                  431