Research purpose. Smart City technologies offer great promise for a higher quality of life, including improved public services, in an era of rapid and intense global urbanization. The use of intelligent or smart information and communication technologies to produce more efficient systems of services in those urban areas, captured under the broad rubric of “smart cities,” also create new vectors of risk and vulnerability. The aim of this article is to raise consideration of an integrated cross-domain approach for risk reduction based on the risks smart cities are exposed to, on the one hand, from natural disasters and, on the other, from cyber-attacks.
Design / Methodology / Approach. This contribution describes and explains the risk profile for which smart cities are exposed to both natural disasters and cyber-attacks. The vulnerability of smart city technologies to natural hazards and cyber-attacks will first be summarized briefly from each domain, outlining those respective domain characteristics. Subsequently, methods and approaches for risk reduction in the areas of natural hazards and ICT security will be examined in order to create the basis for an integrated cross-domain approach to risk reduction. Differences are also clearly identified if an adaptation of a risk reduction pattern appears unsuitable. Finally, the results are summarized into an initial, preliminary integrated cross-domain approach to risk reduction.
Findings. Risk management in the two domains of ICT security and natural hazards is basically similar. Both domains use a multilayer approach in risk reduction, both have reasonably well-defined regimes and established risk management protocols. At the same time, both domains share a policymaking and policy implementation challenge of the difficulty of appropriately forecasting future risk and making corresponding resource commitments to address future risk. Despite similarities, different concepts like the CIA Triad, community resilience, absorption capacity and so on exist too. Future research of these concepts could lead to improve risk management.
Originality / Value / Practical implications. Cyber-attacks on the ICT infrastructure of smart cities are a major vulnerability – but relatively little systematic evaluation exists on the topic. Likewise, ICT infrastructure is vulnerable to natural disasters too – and the risk of more severe natural disasters in the context of a global trend toward massive cities is increasing dramatically. Explicit consideration of the issues associated with cross-domain integration of reduction of interdependent risk is a necessary step in ensuring smart city technologies also serve to promote longer-term community sustainability and resilience.
If the inline PDF is not rendering correctly, you can download the PDF file here.
Alexander C. (1977). A Pattern Language: Towns Buildings Construction. Oxford: University Press.
Andress J. (2014). The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Amsterdam: Syngress.
Batty M. Axhausen K. W. Giannotti F. Pozdnoukhov A.Bazzani A. Wachowicz M. et al. (2012). Smart cities of the future. European Physical Journal Special Topics 214 (1) 481–518
Birkmann J. J. & von Teichman K. (2010). Integrating disaster risk reduction and climate change adaptation: Key challenges—scales knowledge and norms. Sustainability Science5(2) 171–184.
Busbach-Richard U. (2019). The Case of IT-Security: Anti-Patterns in Policy Making and its Implementation. Book of Abstracts of the First International Conference on Sustainable Development in Business and Economics. Skopje: IBI/IBF.
Caragliu A. Del Bo C. and Nijkamp P. (2009). Smart Cities in Europe. Series Research Memoranda 0048. Amsterdam: VU University Amsterdam Faculty of Economics Business Administration and Econometrics.
Conti G. Cross T. Raymond D. (2015). Pen Testing a City Retrieved from https://www.blackhat.com/docs/us-15/materials/us-15-Conti-Pen-Testing-A-City-wp.pdf on September 24th 2019.
De la Poterie A. T. & Baudoin M. A. (2015). From Yokohama to Sendai: Approaches to participation in international disaster risk reduction frameworks. International Journal of Disaster Risk Science6(2) 128–139.
Essays UK. (2018). The Importance Of Security In Distributed Systems Information Technology Essay. Retrieved from https://www.ukessays.com/essays/information-technology/the-importance-of-security-in-distributed-systems-information-technology-essay.php?vref=1 on September 24th 2019.
Garousi G. Garousi-Yusifoglu V. Ruhe G. Zhi J. Moussavi M. & Smith B. (2015). Usage and usefulness of technical software documentation: An industrial case study. Information and Software Technology 57 664–682
Fernandez-Buglioni E. (2013) Security Patterns in Practice: Designing Secure Architectures Using Software Patterns. Hoboken: Wiley Publishing
Gamma E. Helm. R. Johnson R. & Vlissides J. (1994). Design Patterns (the Gang of Four book). Boston: Addison-Wesley.
Garousi G. Garousi V. Ruhe G. Zhi J. Moussavi M. & Smith B. (2015). Usage and usefulness of technical software documentation: An industrial case study. Information & Software Technology 57 664–682.
Hancke G. P. de Carvalho e Silva B. & Hancke G. P Jr. (2013). The role of advanced sensing in smart cities. Sensors 13 (1) 393–425.
Harinath D. Satyanarayana P. (2017). A Review on Security Issues and Attacks in Distributed Systems. Journal of Advances in Information Technology 8 (1) 1–9.
Hayslip G. (2016) What I have learned as CISO for a Smart City. Retrieved from https://www.linkedin.com/pulse/what-i-have-learned-ciso-smart-city-cissp-cisa-crisc-ccsk?articleId=6099504343512272896#comments-6099504343512272896&trk=prof-post on September 24th 2019.
ISACA (2009). The Risk-IT-Framework-Excerpt. Retrieved from https://m.isaca.org/Knowledge-Center/Research/Documents/Risk-IT-Framework-Excerpt_fmk_Eng_0109.pdf on September 26th 2019.
ISACA (2019). COBIT 2019 Publications & Resources. Retrieved from http://www.isaca.org/COBIT/Pages/COBIT-2019-Publications-Resources.aspx on September 26th 2019.
ISO/IEC (2018). ISO/IEC 27005:2018 - Information technology - Security techniques - Information security risk management (third edition). Retrieved from https://www.iso27001security.com/html/27005.html on September 26th 2019.
Mijalkovic Sasa & Cvetković Vladimir. (2013). VULNERABILITY OF CRITICAL INFRASTRUCTURE BY NATURAL DISASTERS.
NIST (2018). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf on September 26th 2019.
Nussbaum B. (2014). The ‘Levels of Analysis’ Problem with Critical Infrastructure Risk. In Journal of Physical Security 7(1) 43–50.
O’Rouke T.D. (2007). Critical infrastructure interdependencies and resilience. The Bridge Vol. 37 No. 1 22–29.
Perrin C. (2008). The CIA Triad. Retrieved from https://www.techrepublic.com/blog/it-security/the-cia-triad/ on September 24th 2019.
Ray-Bennett N. S. Mendez D. Alam E. & Morgner C. (2020). Inter-agency collaboration in natural hazard management in developed countries. In B. J. Gerber (Ed.) The Oxford encyclopedia of natural hazards governance. New York NY: Oxford University Press.
Robert B. Morabito L. Cloutier I. & Hémond Y. (2015). Interdependent critical infrastructures resilience: Methodology and case study. Disaster Prevention and Management24(1) 70–79.
Schaffers H. Komninos N. Pallot M. Trousse B. NilssonM. & Oliveira A. (2011). Smart cities and the future internet: Towards cooperation frameworks for open innovation. J. Domingue et al. Eds.) Future Internet Assembly pp. 431–446. LNCS: Springer.
Townsend A. (2013).Smart cities: Big data civic hackers and the quest for a new utopia. New York: W.W. Norton & Co.
Thomalla F. Downing T. Spanger Siegfried E. Han G. & Rockstrom J. (2006). Reducing hazard vulnerability: towards a common approach between disaster risk reduction and climate adaptation. Disasters30(1) 39–48.
Thomas D. S. Phillips B. D. Lovekamp W. E. & Fothergill A. (2013). Social vulnerability to disasters. Baton Roca FL: CRC Press.
United Nations. (2010). Natural hazards unnatural disasters: the economics of effective prevention.
UNISDR (United Nations International Strategy for Disaster Reduction). (2009). 2009 UNISDR terminology on disaster risk reduction. Geneva Switzerland: United Nations.
Yoder J. Barcalow J. (1997). Architectural patterns for enabling application security. In Proceedings of the 4th Conference on Patterns Languages of Programming (PLoP’97).