434 ITU‐T's Technical Reports and Specifications Hackers' motivations can range from a criminal intent aimed at financial gain, through to industrial espionage, cyber sabotage, cyber warfare, and political activism, among others. Any of these can be conceived, take place, and have damaging repercussions in SSC. Numerous episodes of city‐infrastructure sabotage have been recorded in recent times, suggesting that ICT vulnerabilities can jeopardize the safe delivery of services to citizens, and/or their continuity. Vulnerabilities can involve data \"in transit\" (i.e. being transmitted between devices) or \"at rest\" (i.e. while stored). Malicious attackers will assess the vulnerability of the different systems and engineer the most effective and damaging approach according to their objectives. The following are examples of SSC services that are vulnerable to the above‐mentioned threats: Smart grid, intelligent buildings and other critical infrastructure It is generally estimated that cities are responsible for between 60% and 80% of the world's energy use. Therefore, optimizing energy delivery and consumption is vital. Smart grid technology aims to tailor the generation and supply of energy to user consumption, thus increasing efficiency, reducing costs and environmental impact. In particular, consumer “smart meters” and sensors, equipped with IP addresses, can communicate information about energy utilization patterns to the supplier, while allowing end‐user control. This can help manage real‐time demand, and even provide advice to consumers about their use habits. Buildings, both residential and commercial, provide an important opportunity to optimize energy consumption and enhance the well‐being of residents and workers. Intelligent buildings, particularly office environments, are able to leverage smart grid technologies to influence energy supply and consumption by controlling lighting, climate control and IT. They can even provide electric plug‐in stations for employees to recharge their cars while at work. Smart grids and related infrastructure need protection from attacks that could cause severe stoppages to cities, community sites, industrial sites and essential services. Attackers exploiting vulnerabilities in SCADA systems, based on traditional software platforms, can lead to intrusions with the potential to disrupt data exchange between utility control centers and end users, and severely compromise the delivery of energy services. Whitelisting techniques, used to ensure that only specified system applications and processes are active at any one time, are particularly effective against zero‐day vulnerabilities and attacks in SCADA environments. Zero‐day vulnerabilities are still unknown on the day of the attack, hence vulnerabilities against which no vendor has released a patch. Intruders can also install malware designed to obtain sensitive information, to control the networks that operate the service and cause a denial‐of‐service situation. This can be countered through intrusion prevention techniques, coupled with robust policies in areas such as network usage, browser patches, e‐mail usage, as well as users' awareness of the issue and their education and preparedness on the subject. At the end‐user level, smart meters may simply be hacked and compromised for fraudulent purposes: to alter proof of consumption or to 'steal' energy from other users, while preventing the provider from detecting service flaws.