Understanding risk in smart cities requires a different method of risk management and a flexible risk mitigation input for business operations which are growing at a fast pace with Cloud services and global connectedness to Big Data sources.
Newrisk Limited offers a range of catastrophic risk services which widen the threat horizons that can be visualised and acted upon in a timely manner to protect the organisation. Human factor failures are integrated with technological failures and malevolent events from insiders, organised crime, and nation states intent on disrupting critical operations such as finance, communications, defence and security, media, transport, energy, water and other infrastructure.
A quantified risk analysis across the smart city risk horizon can support safety, security and environmental management and reduce the levels of uncertainty that confront business and government operations every day.
Catastrophic risk management services for companies and governments operating in smart cities are a new component of risk management because connectedness has brought many risk factors together. Catastrophic failures occur because highly connected systems can suddenly fail when a critical point comes under pressure, or when a convergence of operations creates a new central point of weakness or a vulnerable target for malevolent action against the company or government operation. New threats to systems controls widen the threat spectrum beyond data protection and software failures. There are risks from any inability of a facilities management process to access its building control systems or to see the systems data on the operation of essential services (energy control, access control, communications, unauthorised devices on the system, unauthorised access across systems).
There are risks to all business processes that are impacted by failures of the systems delivering business processes within intelligent buildings and to the world through cyber space.
Smart cities are constantly evolving with connectedness in cyber space between people, buildings, transport, energy, water, communications, commercial operations, media and the multitude of activities cities generate. The boundaries of smart cities are in cyber space, which creates global linkages in the connections to systems, and this brings a different threat horizon that has to be monitored for business operations, safety and continuity of activities. Cyber events, whether accidental from failures to integrate rapidly changing technologies or intentional from individuals, terrorists or nation states, are rapidly creating disruptions and uncertainty because there is no international legal agreement between countries on boundaries, behaviour, criminal investigation or compensation when systems fail. Cyber space is not geographically bounded except where services and companies are located, but virtual space with cloud and the speed of electronic connectedness means that cyber space creates an unbounded and ungoverned threat landscape.
Risk work requires evaluation of the threat landscape, of the safety, security and integrity of systems and people within this landscape, and of how business can manage a pathway through many uncertainties that would otherwise reduce initiatives to expand business reach.
Newrisk Limited is a member of the Register of Security Engineers and Specialists (http://www.rses.org.uk/home/list-of-members). The Register covers security specialties essential for the protection of critical national infrastructure. These include protection against the effect of weapons, blast, electronic systems, CBRN (Chemical, Biological, Radiological, Nuclear), hostile vehicle mitigation, pedestrian barriers, explosives and weapons search detection. Additionally, cyber threat mitigation, cyber systems/security/fire integration and assurance of systems security are components of managing essential business operations in a highly connected intelligent buildings and smart city environment.
Experience in smart cities and risk management has been contributed on a Technical Panel advising on the IET Standards technical guidance document released online in June 2013. Resilience and Cyber Security of Technology in the Built Environment is the first study on cyber requirements for highly interconnected smart cities and is essential knowledge for companies and managers of intelligent buildings, energy, water, communications and other interconnected critical infrastructure. The document recognises that economic and environmental benefits will come from the successful integration, assurance, agreement on responsibilities and continuity of operation of these systems. Ten organisations have participated on the Technical Committee to develop the Resilience and Cyber Security Guidance: the Defence Science and Technology Laboratory (dstl), the Centre for the Protection of Critical National Infrastructure (CPNI), Transport for London, the Corporate IT Forum, Dr Sally Leivesley from Newrisk and experts from global companies.
‘The technical briefing examines the different sources of threats across the building lifecycle from initial concept through to decommissioning. It considers potential threat agents that could cause or contribute to a cyber security incident and identifies some of the measures that may be appropriate to reduce the risks’.
The document covers the threat landscape, 20 critical controls, security through specification phase to decommissioning, relevant Standards, Intelligent Building case studies and legal issues such as intellectual property and commercial data.
Newrisk Limited's early experience in smart city security design evolved from tender work on security design for a new build of a smart city in the Middle East. There, the continuity of security, safety and mass population movement from airport and sea ports, rail links and technology parks as hubs of productivity, together with the new design of accommodation, leisure and community support services, retail services and government infrastructure, required a security framework based on the threat horizons for the smart city. The dynamically changing threats that evolve from the specification through the design, commissioning, operation and change management stages in such a city all require solutions and risk-based decisions within a coherent and harmonious security framework.
Recent presentations on threats to smart cities have been given in Solar Storms and integrating hybrid threats from HEMP, IEMI and SCADA attacks into a concept of stabilisation of systems during times of high uncertainty events where massive impacts threaten the total loss of systems that sustain cities and populations. Integrated with this are insider threats and human factors failures, which can present failure modes equivalent to other forms of systems loss (http://conferences.theiet.org/solar-storms/about/index.cfm).
In June 2013, at a Chief Information Security Summit in Amsterdam, Dr Leivesley presented on Cyber Resilience on Smart Cities and Intelligent Buildings, describing top threats in Europe and the rest of the world, Global Gate Keeping, Advanced Persistent Threats, global hot spots, nuclear high altitude electromagnetic pulse, intentional electromagnetic interference effects; smart cities and intelligent buildings; and critical national infrastructure (water, nuclear power plants, telecommunications and aviation). http://www.ciso-summit.com/europe/summit-agenda