Smart Cities and the Challenges of Cross Domain Risk Management: Considering Interdependencies Between ICT-Security and Natural Hazards Disruptions


Research purpose. Smart City technologies offer great promise for a higher quality of life, including improved public services, in an era of rapid and intense global urbanization. The use of intelligent or smart information and communication technologies to produce more efficient systems of services in those urban areas, captured under the broad rubric of “smart cities,” also create new vectors of risk and vulnerability. The aim of this article is to raise consideration of an integrated cross-domain approach for risk reduction based on the risks smart cities are exposed to, on the one hand, from natural disasters and, on the other, from cyber-attacks.

Design / Methodology / Approach. This contribution describes and explains the risk profile for which smart cities are exposed to both natural disasters and cyber-attacks. The vulnerability of smart city technologies to natural hazards and cyber-attacks will first be summarized briefly from each domain, outlining those respective domain characteristics. Subsequently, methods and approaches for risk reduction in the areas of natural hazards and ICT security will be examined in order to create the basis for an integrated cross-domain approach to risk reduction. Differences are also clearly identified if an adaptation of a risk reduction pattern appears unsuitable. Finally, the results are summarized into an initial, preliminary integrated cross-domain approach to risk reduction.

Findings. Risk management in the two domains of ICT security and natural hazards is basically similar. Both domains use a multilayer approach in risk reduction, both have reasonably well-defined regimes and established risk management protocols. At the same time, both domains share a policymaking and policy implementation challenge of the difficulty of appropriately forecasting future risk and making corresponding resource commitments to address future risk. Despite similarities, different concepts like the CIA Triad, community resilience, absorption capacity and so on exist too. Future research of these concepts could lead to improve risk management.

Originality / Value / Practical implications. Cyber-attacks on the ICT infrastructure of smart cities are a major vulnerability – but relatively little systematic evaluation exists on the topic. Likewise, ICT infrastructure is vulnerable to natural disasters too – and the risk of more severe natural disasters in the context of a global trend toward massive cities is increasing dramatically. Explicit consideration of the issues associated with cross-domain integration of reduction of interdependent risk is a necessary step in ensuring smart city technologies also serve to promote longer-term community sustainability and resilience.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • Alexander, C. (1977). A Pattern Language: Towns, Buildings, Construction. Oxford: University Press.

  • Andress, J. (2014). The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Amsterdam: Syngress.

  • Batty, M., Axhausen, K. W., Giannotti, F., Pozdnoukhov, A.,Bazzani, A., Wachowicz, M., et al. (2012). Smart cities of the future. European Physical Journal Special Topics, 214 (1), 481–518

  • Birkmann, J. J., & von Teichman, K. (2010). Integrating disaster risk reduction and climate change adaptation: Key challenges—scales, knowledge, and norms. Sustainability Science, 5(2), 171–184.

  • Busbach-Richard, U. (2019). The Case of IT-Security: Anti-Patterns in Policy Making and its Implementation. Book of Abstracts of the First International Conference on Sustainable Development in Business and Economics. Skopje: IBI/IBF.

  • Caragliu, A., Del Bo, C., and Nijkamp, P. (2009). Smart Cities in Europe. Series Research Memoranda 0048. Amsterdam: VU University Amsterdam, Faculty of Economics, Business Administration and Econometrics.

  • Conti, G., Cross, T., Raymond, D. (2015). Pen Testing a City Retrieved from on September 24th 2019.

  • De la Poterie, A. T., & Baudoin, M. A. (2015). From Yokohama to Sendai: Approaches to participation in international disaster risk reduction frameworks. International Journal of Disaster Risk Science, 6(2), 128–139.

  • Essays, UK. (2018). The Importance Of Security In Distributed Systems Information Technology Essay. Retrieved from on September 24th 2019.

  • Garousi, G., Garousi-Yusifoglu, V., Ruhe, G., Zhi, J., Moussavi, M., & Smith, B. (2015). Usage and usefulness of technical software documentation: An industrial case study. Information and Software Technology, 57, 664–682

  • Fernandez-Buglioni, E. (2013) Security Patterns in Practice: Designing Secure Architectures Using Software Patterns. Hoboken: Wiley Publishing

  • Gamma, E., Helm. R., Johnson, R. & Vlissides, J. (1994). Design Patterns (the Gang of Four book). Boston: Addison-Wesley.

  • Garousi, G., Garousi, V., Ruhe, G., Zhi, J., Moussavi, M., & Smith, B. (2015). Usage and usefulness of technical software documentation: An industrial case study. Information & Software Technology, 57, 664–682.

  • Hancke, G. P., de Carvalho e Silva, B., & Hancke, G. P, Jr. (2013). The role of advanced sensing in smart cities. Sensors, 13 (1), 393–425.

  • Harinath, D., Satyanarayana, P. (2017). A Review on Security Issues and Attacks in Distributed Systems. Journal of Advances in Information Technology, 8 (1), 1–9.

  • Hayslip, G. (2016) What I have learned as CISO for a Smart City. Retrieved from on September 24th 2019.

  • ISACA (2009). The Risk-IT-Framework-Excerpt. Retrieved from on September 26th 2019.

  • ISACA (2019). COBIT 2019 Publications & Resources. Retrieved from on September 26th 2019.

  • ISO/IEC (2018). ISO/IEC 27005:2018 - Information technology - Security techniques - Information security risk management (third edition). Retrieved from on September 26th 2019.


  • NIST (2018). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from on September 26th 2019.

  • Nussbaum, B. (2014). The ‘Levels of Analysis’ Problem with Critical Infrastructure Risk. In Journal of Physical Security, 7(1), 43–50.

  • O’Rouke, T.D. (2007). Critical infrastructure, interdependencies and resilience. The Bridge Vol. 37 No. 1, 22–29.

  • Perrin, C. (2008). The CIA Triad. Retrieved from on September 24th 2019.

  • Ray-Bennett, N. S., Mendez, D., Alam, E., & Morgner, C. (2020). Inter-agency collaboration in natural hazard management in developed countries. In B. J. Gerber (Ed.), The Oxford encyclopedia of natural hazards governance. New York, NY: Oxford University Press.

  • Robert, B., Morabito, L., Cloutier, I., & Hémond, Y. (2015). Interdependent critical infrastructures resilience: Methodology and case study. Disaster Prevention and Management, 24(1), 70–79.

  • Schaffers, H., Komninos, N., Pallot, M., Trousse, B., Nilsson,M., & Oliveira, A. (2011). Smart cities and the future internet: Towards cooperation frameworks for open innovation. J. Domingue, et al. Eds.), Future Internet Assembly pp. 431–446. LNCS: Springer.

  • Townsend, A. (2013).Smart cities: Big data, civic hackers, and the quest for a new utopia. New York: W.W. Norton & Co.

  • Thomalla, F., Downing, T., Spanger Siegfried, E., Han, G., & Rockstrom, J. (2006). Reducing hazard vulnerability: towards a common approach between disaster risk reduction and climate adaptation. Disasters, 30(1), 39–48.

  • Thomas, D. S., Phillips, B. D., Lovekamp, W. E., & Fothergill, A. (2013). Social vulnerability to disasters. Baton Roca, FL: CRC Press.

  • United Nations. (2010). Natural hazards, unnatural disasters: the economics of effective prevention.

  • UNISDR (United Nations International Strategy for Disaster Reduction). (2009). 2009 UNISDR terminology on disaster risk reduction. Geneva, Switzerland: United Nations.

  • Yoder, J., Barcalow, J. (1997). Architectural patterns for enabling application security. In Proceedings of the 4th Conference on Patterns Languages of Programming (PLoP’97).


Journal + Issues