ITU‐T's Technical Reports and Specifications 429 2 Key definitions The notions of \"resilience\", \"cybersecurity\" and \"data protection\" are gaining increasing momentum, and are becoming extremely pertinent in a smart sustainable city context as they relate to the risks posed to service continuity by threats from the cyberspace. While available literature in this field offers a wide range of definitions for these terms3, which often vary according to the area or the sector of implementation, the following constitute the working definitions that will be used for the purposes of this Technical Report: a. Resilience ITU‐T Study Group 17 (SG17) defines resilience as the \"Ability to recover from security compromises or attacks.\" The FG‐SSC has noted the ITU‐T Study Group 17 Recommendations related to Cybersecurity Information Exchange (CYBEX), X.1500‐Series. (ITU‐T X.1500‐Series Recommendations). Complementing this focus, a recent ITU report on 'Resilient Pathways' defines resilience as \"The ability of a system or a sector to withstand, recover, adapt, and potentially transform in the face of stressors such as those caused by climate change impacts\"4. This Technical Report suggests that the resilience of ICT systems is linked to a series of attributes, which can be linked to security as follows: Robustness and ability to maintain performance and to continue operating, even under a cyber‐attack or other incident (e.g. natural disaster). Redundancy of system components that allow the system to resume operations, within a defined delay of time, in case of abrupt interruption, total or partial. Flexibility and adaptability to new circumstances, including the systems' ability to prepare for future threats by adjusting/rectifying issues that allowed the incident to occur, or that took place during an incident. Achieving resilience and cyber resilience in a SSC context will ensure service continuity to its citizens. b. Cybersecurity This concept refers to the discipline of ensuring that ICT systems are protected from attacks and incidents, whether malicious or accidental, threatening the integrity of data, their availability or confidentiality, including attempts to illegally \"exfiltrate\" sensitive data or information out of the boundaries of an organization. 3 For example, the U.S Department of Homeland Security refers to resilience as \"The ability to prepare for and adapt to changing conditions, and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents\". The Information Security Forum defines cyber‐resilience as \"The organisation's capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace\", while the World Economic Forum (WEF) refers to it as \"The ability of systems and organisations to withstand cyber‐events, measured by the combination of mean time to failure and mean time to recovery\". 4 Ospina, A.V., Bueti, C., Dickerson, K., and Faulkner, D. (2013), Resilient Pathways: The Adaptation of the ICT Sector to Climate Change, International Telecommunication Union (ITU), Geneva, Switzerland. Available at; http://www.itu.int/en/ITU‐T/climatechange/Documents/Publications/Resilient_ Pathways‐E.PDF.