ITU‐T's Technical Reports and Specifications 431 As an increasing number of experiences suggest, mobile technologies improve the collaboration of users and the connectivity of smart devices across widely distributed infrastructure assets6. The European Network and Information Security Agency (ENISA) indicates that \"processes\" are seen as the most important pillar to secure critical infrastructures and industrial control systems (ICSs) – much more important than technology and people. Therefore, focusing solely on IT data centers and operation control centers is not enough. As the supply chain and technical infrastructure domains become highly complex, a comprehensive end‐to‐end approach is necessary. Each part of the industry value chain needs to be analysed, assessed and secured – but not in an isolated way. Governance, Risk and Compliance (GRC) is a key discipline for public sector organizations. GRC is to be fulfilled through policies and processes, enabled by ad hoc IT suites conceived to ensure that IT departments monitor their environment against the evolving regulation scenarios, and involves taking appropriate action to stay compliant and mitigate risks. SSC security officers should consider the following measures as part of their GRC framework, and as part of their overall SSC security strategy: Embedding security with data to achieve confidentiality, integrity and authentication. Managing smart endpoints and embedded systems, as SSC will need to manage an increasing number of smart devices and secure data, identity and services across the entire supply chain, to avoid these devices being compromised and opening an additional threat vector. Protecting data explosion, including real‐time information, which involves a sound management approach to storing, protecting, backing‐up, archiving and retrieving data whenever needed. 4 Architecture of SSC In order to provide a general background of the complex architecture that characterizes SSC, this section provides an overview of a sample configuration of SSC infrastructure. Gaining awareness of the complex, multi‐layered architecture of SSC's infrastructure constitutes an important step towards the design of a comprehensive, system‐wide cybersecurity strategy. The architecture of SSC is divided into a sensing layer, a communication layer, a data layer and an application layer (Figure 1 from bottom to top), and is overseen by the SSC security system. Each of these components is explained in detail in the FG‐SSC Technical Report on “Overview of smart sustainable cities infrastructure”7. 6 Examples are available in the FG‐SSC deliverable, Technical Report on overview of smart sustainable cities infrastructure. Available at http://www.itu.int/en/ITU‐T/focusgroups/ssc/Pages/default.aspx. 7 FG‐SSC deliverable, Technical Report on overview of smart sustainable cities infrastructure. Ibid.