426 ITU‐T's Technical Reports and Specifications Executive Summary Smart sustainable cities (SSC) are highly dependent on information and communication technologies (ICTs), including Internet of Things (IoT), radio frequency identification (RFID), and machine‐to‐machine (M2M). The advanced underlying infrastructure not only resolves the need for hyper‐connectivity for smart sustainable city components and services, but also introduces higher levels of complexity and higher volumes of data. Increased system complexity opens new doors and opportunities for malicious cyberattacks and data loss in the case of serious incidents, including natural disasters. The linkages that exist between the higher levels of complexity, connectivity and data volumes that characterize SSC, which together lead to exacerbated levels of vulnerability to security threats, can be summarized as follows: Hyper complexity + hyper connectivity + hyper data volumes = hyper vulnerability Given the increasing interconnectedness of smart sustainable city environments, security incidents can prove highly penalizing for the systems they affect, for the city services they control, and ultimately for the citizens and end users of the services. A very compelling need for SSC is therefore to guarantee the protection of the relevant ICT systems and the various technologies involved, as well as the data used to govern the systems and the services. Cybersecurity, information protection and system resilience constitute political and governance issues at the forefront of new developments in this field. As they closely relate to both governance and policy, they require the attention of public administrators and decision‐makers, especially given the potential effects of malicious attacks and disasters on critical ICT systems and infrastructure, including citizens' deprivation of essential services, from transportation to utilities (e.g. smart grid, water management), health care, emergency services, and public safety, among others. With appropriate processes in place, multi‐stakeholder collaboration and good governance, technology can provide tangible solutions to issues related to cybersecurity, information protection and system resilience. Within this context, this Technical Report provides a detailed account of the potential cyber‐vulnerabilities of SSC, and a set of Recommendations to ensure the protection and resilience of the services offered to the citizens. This Technical Report is structured around nine sections. Section 1 provides the introductory background and scope. Section 2 provides working definitions for the notions that are at the core of this Technical Report, namely \"resilience\", \"cybersecurity\" and \"data protection\". Section 3 describes the main implications of ICT use in the contexts of SSC. It explores the IoT, the rising technology at the base of the SCC paradigm, as well as other ICTs that introduce new potential threats to the integrity and security of the systems involved. Section 4 provides a general overview of the technical architecture of SSC in order to contextualize the analysis and to illustrate the complex security challenges faced by SSC strategists and implementers.