Smart Cityies2017.cyberport.hk/wp-content/uploads/2017/05/3.smart...2017/05/03 · public transport...
Transcript of Smart Cityies2017.cyberport.hk/wp-content/uploads/2017/05/3.smart...2017/05/03 · public transport...
Smart City ConceptA city can be defined as ‘smart’ when investments in human and social capital and traditional (transport) and modern (ICT) communication infrastructure fuel sustainable economic development and a high quality of life, with a wise management of natural resources, through participatory action and engagement. (Caragliu et al. 2009)
Smart city is a developed urban area that creates sustainable economic
development and good quality of lifepeople - economy - mobility
environmental conditions - living conditions - governance
Problem of Definition• The new generation of information technologies, such as the IoT, cloud computing, BigData and space/geographical information integration, to facilitate the planning, construction, management and Smart services of Cities.
• The effective integration of physical, digital and human systems in the built environment to deliver a sustainable, prosperous and inclusive future for its citizens.
• ITU-T Focus Group on Smart Sustainable Cities analysed nearly 100 definitions (including the two above) and used these to develop the following definition: A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects”
International Standardisation Overview of Topics
• Smart City Concepts, Models and Relevant Terminology
• Smart City Needs and Requirements (technological, market and societal)
• ICT Standardisation Requirements
• SC Needs —> ICT Requirements
• Technological trends
• Smart City Infrastructure and Services
• CyberCity Security and Privacy
Technology• Big Data
• Ubiquitous Computing
• Resilient and Robust Networking
• GIS (Geographic Information System)
• Cloud Services
• Service Oriented Architecture
• IoT and Sensor Networks
Range of Standards Required• Sustainability standards• Environmental standards• Building and Infrastructure standards• Technology and Service Standards (e.g. IoT, Sensor
Networks, BigData and Cloud)• Safety standards• Industrial Internet and Control System standards• Cyber security and privacy standards
SSC management and assessment standards
SSC services standards
ICT standards
Buildings, physical and infrastructure standardsFr
amew
ork
and
defin
ition
sSMART CITY STANDARDS MODEL
IEEE China*
Europe (CEN/CENELEC & ETSI) UK/BSI
US/ANSI & NIST …
Plus Industry Partners
* National IT Standardization TC (NITS), National CT Standardization TC, National Intelligent Transportation System Standardization TC, National TC on Digital Technique of Intelligent Building and Residence Community of Standardization Administration, Strategic Alliance of Smart City Industrial Technology Innovation.
ISO/TC 211 Geographic information/Geomatics
ISO/TC 215 Health informatics
ISO/TC 241 Road traffic safety management systems
ISO/TC 251 Asset management
ISO/TC 262 Risk management
ISO/TC 267 Facility management
ISO/TC 268 Sustainable cities and communities
ISO/PC 283 Occupational health and safety management systems
ISO/TC 292 Security and resilience
ISO/TC 301 Energy management and energy savings
ISO/TC 307 Blockchain and electronic distributed ledger technologies
ISO/TC 309 Governance of organizations
https://iso.ch/technical-committees.html
http://www.iec.ch/smartcities/
https://www.iso.org/files/live/sites/isoorg/files/developing_standards/docs/en/
smart_cities_report-jtc1.pdf
ISO/IEC JTC 1/WG 7 Sensor networks
ISO/IEC JTC 1/WG 9 Big Data
ISO/IEC JTC 1/WG 10 Internet of Things
ISO/IEC JTC 1/WG 11 Smart cities
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems
ISO/IEC JTC 1/SC 7 Software and systems engineering
ISO/IEC JTC 1/SC 17 Cards and personal identification
ISO/IEC JTC 1/SC 27 IT Security techniques
ISO/IEC JTC 1/SC 32 Data management and interchange
ISO/IEC JTC 1/SC 38 Cloud Computing and Distributed Platforms
ISO/IEC JTC 1/SC 39 Sustainability for and by Information Technology
ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance
ISO/IEC JTC 1/SC 41 Internet of Things and related technologies
https://iso.ch/committee/45020.html
http://www.itu.int/en/ITU-T/focusgroups/ssc/Pages/default.aspx
CyberCitySpace Risks, Security and Privacy
CHALLENGESGreater and More Diversified set of Cyber Risks
Greater Societal and Business Impact Greater cyber attack surface with a richer set of cyber
targetsMultiple attack vectors
• CybersCitySpace is a Global Commons and we all have a role in making it a safe and secure place to live, work and play - a complex network of ‘Things’ that has Bigger, Smaller, Smarter and More Mobile ‘to protect
To make this hyper-connected digital world a safer and more secure place requires:• Investing in the development and adoption of international
standards specifically addressing security and privacy/Personally Identifiable Information cyber risks
CyberCitySpaceA Networked Place of Big, Small, Smart and Mobile Things
ImpactFinancial loss, disruption or damage due to the destructive power of cyber attack/incident
Threats and Risks to• Organisations governance and
operations, information, people, processes, services and applications, and technology
• Business, society and government• Infrastructure and environment
Cyber Risk ThresholdsLimiting the destructive power and energy of the cyber attackCyber defence/preparedness, response and recovery
CyberRisk
Societal Challenges and Issues• Privacy and Information Sharing
• Ubiquitous Computing and Mobile Services (anywhere and everywhere)
• Social Networking
• Healthcare and health-informatics
• Food safety systems
• Environmental systems
• Public Safety and Security, Emergency Response
Business and Technological Needs• Interworking of resilient and robust technologies and
networks• Smart and intelligent infrastructure and services
responsive to business and public sector needs, investments and economies
• Supply chain and logistic management systems, GIS
• Management and control of buildings• e-Government
Security for Smart Cities
Public safety and security • keeping people safe and secure from physical attacks, criminal
attacks, terrorism, accidents, environment hazards and natural disasters
• surveillance systems and real-time communications for promote response to incidents
• connectivity of emergency services, incident response teams to gather, share and analyse data and intelligence about incidents in a reliable and secure way
• connectivity with other services health, law enforcement, transport …
• protecting buildings and infrastructure
Security of Energy Systems and Smart Grid• exploitation of SCADA, ICS systems and technology• protection of data exchange between utility CCs and end-
users, between infrastructure entities etc • malware protection against DoS incidents, theft of sensitive
information and incidents critical energy infrastructure and service networks
• other cyber attacks on critical energy infrastructure networks and IT systems
• hacks and frauds relating to ‘smart metering’ systems
Security for Smart Cities
Security of Intelligent Transportation and Navigation Systems• disruptive cyber attacks (malware, DoS, hacks etc) on the IT
infrastructure controlling and managing transportation and navigation systems
• protection of data transmitted for controlling navigation of public transport services
• rapid incident response for traffic disruption, traffic accidents and derailments of trams etc
Security for Smart Cities
Security of Healthcare Systems• protecting healthcare systems, electronic patient records
(EPRs), medical emergency services from cyber attacks against comprising the confidentiality, integrity, availability and privacy of information
• protection the exchange of EPR between healthcare centres and healthcare staff
• protecting communications between emergency services, healthcare and paramedic staff in road traffic accidents, train and tram derailments and accidents, major disasters - fires, explosions, natural incidents
• safety of patients and medical staff involved in hazardous incidents
• resilience for fast recover of IT based healthcare systems
Security for Smart Cities
SectorSpecific(Telecoms(ISO/IEC27011),Health(ISO27799),intelligentTransportsystems,Financial,UCliCes(ISO/IEC27019)
Applica.ons(Cloud,IndustrialAutomaCon,S/WEngineering,Privacy,Fraud,SmartphoneApps)
SecurityControls(NetworkSecurity,ApplicaConSecurity,StorageSecurity(ISO/IEC27040))CyberIncidentManagement(ManagementandIncidentInvesCgaCons(ISO/IEC27035,27037,
27041,27042,27043),DisasterRecovery,ICTReadiness(ISO/IEC27031),emergencymanagement)
Guidance(riskmanagement(IS0/IEC27005,ISO3100),securitymeasurements(ISO/IEC27004)impactassessments,supplierrelaConships(ISO/IEC27036),trustedthirdpartyservices,organisaConal
resilience,cyberresilience,supplychainconCnuity,emergencymanagement,privacycapabilityassessments(ISO/IEC29190,ISMSandprivacy)
Frameworks(IdenCtymanagement(ISO/IEC24760),privacy/PIIprotecCon(ISO/IEC29100),accessmanagement(ISO/IEC29146)
SecurityTechnologyCryptographictechnology(encrypCon,signatures,authenCcaCon,integrity)biometricdevices,idenCty
management,IC/smartcards,RFIDs,PETS,IDPS,trustedplaUormtechnology
ManagementSystemAccredita.on,Cer.fica.onand
Audi.ng(ISO17021series,ISO19011,ISO/IEC
27006,ISO/IEC27007)
Product,SystemandPhysicalSecurityEvalua.on,Tes.ng
(ISO/IEC15408,ISO/IEC15443,ISO/IEC17825,ISO/IEC18045,ISO/IEC18367,ISO/IEC19608,ISO/IEC19791,
ISO/IEC19792,ISO/IEC20004…
ManagementSystemsInformaConSecurityManagementSystem(ISO/IEC27001),BusinessConCnuityManagementSystem(ISO
22301),SecurityManagementSystem–Fraudcountermeasuresandcontrols(ISO34001),Securitymanagementsystem–Fraudcountermeasuresandcontrols.SecurityManagementforSupplyChain(ISO
28000),ManagementsystemforprivatesecurityoperaCons(ISO18788)
Global Partnership for developing International standards (developing the common language for CyberCity security and privacy)
ABC4TrustADDSADRCCCDBCENCENELECCSACSCCTheCyberSecurityNaming&Informa?onStructureGroupsDEWIDMTFECBSENISAESIETSIFERMAFIRSTGICTFIAF
OMGPAC(PacificAccredita?onCoopera?on)PICOSPQCRYPTOPRACTICEPRIPARESAMACSBSSNIASWIFTTCGTheOpenGroupTMForumTeleManagementForumVISA/VISAEUROPEW3CWeb3D3GPP
IAITAMIEEEIIAIIC(IndustrialInternetConsor?um)INLACInterpolIOSC/IETFISACAISC2ISFISMAISSEAitSMFLinuxFounda?onMasterCardNISTOASISOECDOGFOIDF(TheOpenIDFounda?on)
ISOandIECCoopera?ngBodies(sample)
Na$onalStandardsBodies
• Distributed Ledger Technology (DLT)• Block Chain and Distributive Ledger
• Mobile Web • Physical Cyber Systems (CPS)• Wearable Technology• Global Advanced Industrial Systems and Industrial
Internet Standards including IIoT• 5G technology• Disruptive innovation/technology replaces and disrupts
existing technology, services and processes creating new business opportunities and new industries, and also creates new cyber risks
Trends - Continuing and Emerging Activities in CyberCity Standards
Prof. Edward (Ted) Humphreys ([email protected])
Thanks for listening
23 See#©#copyright#no/ce#on#slide#2.###