Dr Sally Leivesley


Smart Cities

Understanding risk in smart cities requires a different method of risk management and a flexible risk mitigation input for business operations which are growing at a fast pace with Cloud services and global connectedness to Big Data sources.  

Newrisk Limited offers a range of catastrophic risk services which widen the threat horizons that can be visualised and acted upon in a timely manner to protect the organisation.  Human factor failures are integrated with technological failures and malevolent events from insiders, organised crime, and nation states intent on disrupting critical operations such as finance, communications, defence and security, media, transport, energy, water and other infrastructure. 

A quantified risk analysis across the smart city risk horizon can support safety, security and environmental management and reduce the levels of uncertainty that confront business and government operations every day.

Catastrophic risk management services for companies and governments operating in smart cities are a new component of risk management because connectedness has brought many risk factors together. Catastrophic failures occur because highly connected systems can suddenly fail from a critical point coming under pressure or from convergence of operations which create a new central point of weakness or a vulnerable target for malevolent action against the company or government operation. New threats to systems controls widen the threat spectrum beyond data protection and software failures. There are risks from any inability of a facilities management process to access its building control systems or to see the systems data on operation of essential services (energy control, access control, communications, unauthorised devices on the system, unauthorised access across systems).

There are risks to all business processes that are affected by failures of the systems delivering those processes within intelligent buildings and to the world through cyber space.

Smart cities are constantly evolving with connectedness in cyber space between people, buildings, transport, energy, water, communications, commercial operations, media and the multitude of activities cities generate. The boundaries of smart cities are in cyber space, which creates global linkages in the connections to systems, and this brings a different threat horizon that has to be monitored for business operations, safety and continuity of activities. Cyber events, whether accidental from failures to integrate rapidly changing technologies or intentional from individuals, terrorists or nation states, are rapidly creating disruptions and uncertainty because there is no international legal agreement between countries on boundaries, behaviour, criminal investigation or compensation when systems fail. Cyber space is not geographically bounded except where services and companies are located, but virtual space with cloud and the speed of electronic connectedness means that cyber space creates an unbounded and ungoverned threat landscape.

Risk work requires evaluation of the threat landscape and safety, security and integrity of systems and people within this landscape and how business can manage a pathway through many uncertainties that would otherwise reduce initiatives to expand business reach. 

Newrisk Limited is a member of the Register of Security Engineers and Specialists (http://www.rses.org.uk/home/list-of-members). The Register covers security specialties essential for the protection of critical national infrastructure – these include protection against the effect of weapons, blast, electronic systems, CBRN (Chemical, Biological, Radiological, Nuclear), hostile vehicle mitigation, pedestrian barriers, and explosives and weapons search detection. Additionally, cyber threat mitigation, cyber systems/security/fire integration and assurance of systems security are components of managing essential business operations in a highly connected intelligent buildings and smart city environment.

Experience in smart cities and risk management has been contributed on a Technical Panel advising the IET Standards technical guidance document released online in June 2013. The document, Resilience and Cyber Security of Technology in the Built Environment, is the first study on cyber requirements for highly interconnected smart cities and is essential knowledge for companies and managers of intelligent buildings, energy, water, communications and other interconnected critical infrastructure. The document recognises that economic and environmental benefits will come from the successful integration, assurance, agreement on responsibilities and continuity of operation of these systems. Ten organisations have participated on the Technical Committee to develop the Resilience and Cyber Security Guidance: the Defence Science and Technology Laboratory (dstl), the Centre for the Protection of Critical National Infrastructure (CPNI), Transport for London, the Corporate IT Forum, Dr Sally Leivesley from Newrisk and experts from global companies.

‘The technical briefing examines the different sources of threats across the building lifecycle from initial concept through to decommissioning. It considers potential threat agents that could cause or contribute to a cyber security incident and identifies some of the measures that may be appropriate to reduce the risks’

The document covers the threat landscape, 20 critical controls, security through specification phase to decommissioning, relevant Standards, Intelligent Building case studies and legal issues such as intellectual property and commercial data. 

Newrisk Limited's early experience in smart city security design evolved from tender work on security design for a new build of a smart city in the Middle East. There, the continuity of security, safety and mass population movement from airport and sea ports, rail links and technology parks as hubs of productivity, together with the new design of accommodation, leisure and community support services, retail services and government infrastructure, required a security framework based on the threat horizons for the smart city. The dynamically changing threats evolving from the specification through design, commissioning, operation and change management stages in such a city all require solutions and risk-based decisions within a coherent and harmonious security framework.

Presentations on threats to smart cities have been given at Solar Storms on integrating hybrid threats from HEMP, IEMI and SCADA attacks into a concept of stabilisation of systems during high-uncertainty events where massive impacts threaten the total loss of systems that sustain cities and populations (http://conferences.theiet.org/solar-storms/about/index.cfm). Integrated with this are insider threats and human factors failures, which can present failure modes equivalent to other forms of systems loss. There have also been recent discussion and presentations on urban terror targets (see: 'Urban Terror Targets: Optimising Cyber Security for Survival' for CISO Middle East Ninth Annual Conference, Dubai, March 27-29, 2017 on March 28).

In June 2013, at a Chief Information Security Summit in Amsterdam, Dr Leivesley presented on Cyber Resilience on Smart Cities and Intelligent Buildings, describing top threats in Europe and the rest of the world, Global Gate Keeping, Advanced Persistent Threats, global hot spots, nuclear high altitude electromagnetic pulse, intentional electromagnetic interference effects; smart cities and intelligent buildings; critical national infrastructure – water, nuclear power plants, telecommunications and aviation. http://www.ciso-summit.com/europe/summit-agenda


Sally Leivesley



  • Cyber
  • Nuclear

Prepare for the unexpected. New forms of attack will be unexpected in time, tactics and consequences and may include kinetic attacks on undersea cables and space infrastructure. 

Questions to Consider:
Does the organisation have a capacity to fast switch to other cloud, in-house server or hot site operations to limit recovery time? Are there diagnostics for sensors and control systems and the interface with operations?  Could a global security crisis in the South and East China Seas and flash points elsewhere (including Europe) target an organisation’s upstream cyber providers?  Other resilience tasks to check are:

  • Competent external recovery services;
  • Internal policies for real time back-up systems unconnected to live operations;
  • Financial resources for full re-build after ransomware;
  • Internal policies to avert ransomware payments;
  • Cooperative recovery planning with industry peers;
  • Regular modular and whole of organisation exercises;
  • Multiple scenario tests for strength of preparedness.

 Nations signalling intent of conflict.
 Energy regeneration challenges.

Nuclear conflict and radiation incidents are a high risk for some regions.  Nations are engaging in
‘signalling’ capability of weapons and intent. The most frequent signals are coming from China in
relation to Taiwan; the USA in relation to freedom of navigation in the South China Sea; Russia in
sending Zircon hypersonic missiles onto naval voyages into the Atlantic, movement of nuclear
weapons to Belarus and threats to Ukraine; North Korea in frequency of missile tests including
submarine launched missiles and drones; and Iran’s apparent nuclear enrichment found to be at
84% purity.

Planning for Energy Regeneration Post Nuclear Conflict:
1. Hardened energy infrastructure;
2. Academic and Industry collaborative Programmes;
3. Small Modular Reactors built underground;
4. Supplemental critical control system separated from IOT; and
5. Energy planning for rail transportation of populations.