management tools in order to ensure that services return to their normal operational status, and to
            minimize the disturbance caused to users.

            Ultimately, modern cities compete with each other to attract businesses, talent, skills and taxpayers.
            As a result, administrations are increasingly valuing the role of innovation, technology, marketing
            and communication practices. In turn, private sector companies are attracted into cities by the ease
            of  doing  business  –  in  terms  of  cost  efficiency,  infrastructure  (e.g.  office  space,  broadband,
            telecommunications, as well as utilities such as energy, water and transportation), and general
            quality of life for their staff (e.g. residential, health care and educational systems).
            The adoption of effective governance structures as part of SSC strategies is closely linked to the
            effectiveness of cybersecurity measures. It is vital to ensure adequate preparedness and operational
            efficiency, as well as to take advantage of opportunities, address emerging needs, and overcome
            the security challenges faced by smart sustainable cities. Further information on SSC governance
            can  be  found  in  the  FG‐SSC  Technical  Report  on  “Engaging  stakeholders  for  smart  sustainable
                  9
            cities” .


            9       Recommendations to ensure SSC service continuity


            Smart  sustainable  cities  should  prioritize  providers  who  offer  solutions  and  methodologies  for
            security, backup, data loss prevention, archiving and disaster recovery, and who are able to protect
            and manage heterogeneous environments resulting from legacy systems and newer deployments,
            including open source, managed mobile devices, and virtualized systems.

                   Protecting information proactively

            SSC contexts increasingly involve big data considerations, and subsequently the need to centralize
            and manage the vast amount of information that is continuously generated and used. Taking an
            information‐centric  approach,  embedding  security  within  data  and  taking  a  content‐aware
            approach to protecting information, is vital for identifying ownership of: (a) the location of sensitive
            information, and (b) who has access to it. Classifying data and utilizing encryption helps to secure
            sensitive information and to restrict access to unauthorized individuals.

                   Authenticating users
            Strong authentication enables organizations to protect public assets by verifying the true identity of
            a  smart  device,  system  or  application.  This  prevents  individuals  from  accidentally  disclosing
            credentials to an attack site, and from attaching unauthorized devices to the infrastructure.
                   Leveraging threat intelligence

            In order to understand the major attack trends, city officials and CIOs can count on an established
            observatory, like the Global Intelligence Network, to provide one of the most extensive and accurate
            vendor‐neutral analyses of trends on malware, security threats and vulnerabilities from security
            research  centers  around  the  world.  The  same  information  is  also  used  to  compile  the  annual
            Internet  Security  Threat  Report,  which  contains  vital  information  about  current  and  emerging
            threats and vulnerabilities.






            9   FG‐SSC deliverable, Technical Report on engaging stakeholders for smart sustainable cities. Available at:
               http://www.itu.int/en/ITU‐T/focusgroups/ssc/Pages/default.aspx

            444                                                      ITU‐T's Technical Reports and Specifications