1

Prof. Edward Humphreys(edwardj7@msn.com)

Smart City Standardisation

Smart City ConceptA city can be defined as ‘smart’ when investments in human and social capital and traditional (transport) and modern (ICT) communication infrastructure fuel sustainable economic development and a high quality of life, with a wise management of natural resources, through participatory action and engagement. (Caragliu et al. 2009)

Smart city is a developed urban area that creates sustainable economic

development and good quality of lifepeople - economy - mobility

environmental conditions - living conditions - governance

Problem of Definition• The new generation of information technologies, such as the IoT, cloud computing, BigData and space/geographical information integration, to facilitate the planning, construction, management and Smart services of Cities.

• The effective integration of physical, digital and human systems in the built environment to deliver a sustainable, prosperous and inclusive future for its citizens.

• ITU-T Focus Group on Smart Sustainable Cities analysed nearly 100 definitions (including the two above) and used these to develop the following definition: A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social and environmental aspects”

International Standardisation Overview of Topics

• Smart City Concepts, Models and Relevant Terminology

• Smart City Needs and Requirements (technological, market and societal)

• ICT Standardisation Requirements

• SC Needs —> ICT Requirements

• Technological trends

• Smart City Infrastructure and Services

• CyberCity Security and Privacy

Technology• Big Data

• Ubiquitous Computing

• Resilient and Robust Networking

• GIS (Geographic Information System)

• Cloud Services

• Service Oriented Architecture

• IoT and Sensor Networks

Range of Standards Required• Sustainability standards• Environmental standards• Building and Infrastructure standards• Technology and Service Standards (e.g. IoT, Sensor

Networks, BigData and Cloud)• Safety standards• Industrial Internet and Control System standards• Cyber security and privacy standards

SSC management and assessment standards

SSC services standards

ICT standards

Buildings, physical and infrastructure standardsFr

amew

ork

and

defin

ition

sSMART CITY STANDARDS MODEL

IEEE China*

Europe (CEN/CENELEC & ETSI) UK/BSI

US/ANSI & NIST …

Plus Industry Partners

* National IT Standardization TC (NITS), National CT Standardization TC, National Intelligent Transportation System Standardization TC, National TC on Digital Technique of Intelligent Building and Residence Community of Standardization Administration, Strategic Alliance of Smart City Industrial Technology Innovation.

ISO/TC 211 Geographic information/Geomatics

ISO/TC 215 Health informatics

ISO/TC 241 Road traffic safety management systems

ISO/TC 251 Asset management

ISO/TC 262 Risk management

ISO/TC 267 Facility management

ISO/TC 268 Sustainable cities and communities

ISO/PC 283 Occupational health and safety management systems

ISO/TC 292 Security and resilience

ISO/TC 301 Energy management and energy savings

ISO/TC 307 Blockchain and electronic distributed ledger technologies

ISO/TC 309 Governance of organizations

https://iso.ch/technical-committees.html

http://www.iec.ch/smartcities/

https://www.iso.org/files/live/sites/isoorg/files/developing_standards/docs/en/

smart_cities_report-jtc1.pdf

ISO/IEC JTC 1/WG 7 Sensor networks

ISO/IEC JTC 1/WG 9 Big Data

ISO/IEC JTC 1/WG 10 Internet of Things

ISO/IEC JTC 1/WG 11 Smart cities

ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems

ISO/IEC JTC 1/SC 7 Software and systems engineering

ISO/IEC JTC 1/SC 17 Cards and personal identification

ISO/IEC JTC 1/SC 27 IT Security techniques

ISO/IEC JTC 1/SC 32 Data management and interchange

ISO/IEC JTC 1/SC 38 Cloud Computing and Distributed Platforms

ISO/IEC JTC 1/SC 39 Sustainability for and by Information Technology

ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance

ISO/IEC JTC 1/SC 41 Internet of Things and related technologies

https://iso.ch/committee/45020.html

http://www.itu.int/en/ITU-T/focusgroups/ssc/Pages/default.aspx

CyberCitySpace Risks, Security and Privacy

CHALLENGESGreater and More Diversified set of Cyber Risks

Greater Societal and Business Impact Greater cyber attack surface with a richer set of cyber

targetsMultiple attack vectors

• CybersCitySpace is a Global Commons and we all have a role in making it a safe and secure place to live, work and play - a complex network of ‘Things’ that has Bigger, Smaller, Smarter and More Mobile ‘to protect

To make this hyper-connected digital world a safer and more secure place requires:• Investing in the development and adoption of international

standards specifically addressing security and privacy/Personally Identifiable Information cyber risks

CyberCitySpaceA Networked Place of Big, Small, Smart and Mobile Things

ImpactFinancial loss, disruption or damage due to the destructive power of cyber attack/incident

Threats and Risks to• Organisations governance and

operations, information, people, processes, services and applications, and technology

• Business, society and government• Infrastructure and environment

Cyber Risk ThresholdsLimiting the destructive power and energy of the cyber attackCyber defence/preparedness, response and recovery

CyberRisk

Societal Challenges and Issues• Privacy and Information Sharing

• Ubiquitous Computing and Mobile Services (anywhere and everywhere)

• Social Networking

• Healthcare and health-informatics

• Food safety systems

• Environmental systems

• Public Safety and Security, Emergency Response

Business and Technological Needs• Interworking of resilient and robust technologies and

networks• Smart and intelligent infrastructure and services

responsive to business and public sector needs, investments and economies

• Supply chain and logistic management systems, GIS

• Management and control of buildings• e-Government

Security for Smart Cities

Public safety and security • keeping people safe and secure from physical attacks, criminal

attacks, terrorism, accidents, environment hazards and natural disasters

• surveillance systems and real-time communications for promote response to incidents

• connectivity of emergency services, incident response teams to gather, share and analyse data and intelligence about incidents in a reliable and secure way

• connectivity with other services health, law enforcement, transport …

• protecting buildings and infrastructure

Security of Energy Systems and Smart Grid• exploitation of SCADA, ICS systems and technology• protection of data exchange between utility CCs and end-

users, between infrastructure entities etc • malware protection against DoS incidents, theft of sensitive

information and incidents critical energy infrastructure and service networks

• other cyber attacks on critical energy infrastructure networks and IT systems

• hacks and frauds relating to ‘smart metering’ systems

Security for Smart Cities

Security of Intelligent Transportation and Navigation Systems• disruptive cyber attacks (malware, DoS, hacks etc) on the IT

infrastructure controlling and managing transportation and navigation systems

• protection of data transmitted for controlling navigation of public transport services

• rapid incident response for traffic disruption, traffic accidents and derailments of trams etc

Security for Smart Cities

Security of Healthcare Systems• protecting healthcare systems, electronic patient records

(EPRs), medical emergency services from cyber attacks against comprising the confidentiality, integrity, availability and privacy of information

• protection the exchange of EPR between healthcare centres and healthcare staff

• protecting communications between emergency services, healthcare and paramedic staff in road traffic accidents, train and tram derailments and accidents, major disasters - fires, explosions, natural incidents

• safety of patients and medical staff involved in hazardous incidents

• resilience for fast recover of IT based healthcare systems

Security for Smart Cities

SectorSpecific(Telecoms(ISO/IEC27011),Health(ISO27799),intelligentTransportsystems,Financial,UCliCes(ISO/IEC27019)

Applica.ons(Cloud,IndustrialAutomaCon,S/WEngineering,Privacy,Fraud,SmartphoneApps)

SecurityControls(NetworkSecurity,ApplicaConSecurity,StorageSecurity(ISO/IEC27040))CyberIncidentManagement(ManagementandIncidentInvesCgaCons(ISO/IEC27035,27037,

27041,27042,27043),DisasterRecovery,ICTReadiness(ISO/IEC27031),emergencymanagement)

Guidance(riskmanagement(IS0/IEC27005,ISO3100),securitymeasurements(ISO/IEC27004)impactassessments,supplierrelaConships(ISO/IEC27036),trustedthirdpartyservices,organisaConal

resilience,cyberresilience,supplychainconCnuity,emergencymanagement,privacycapabilityassessments(ISO/IEC29190,ISMSandprivacy)

Frameworks(IdenCtymanagement(ISO/IEC24760),privacy/PIIprotecCon(ISO/IEC29100),accessmanagement(ISO/IEC29146)

SecurityTechnologyCryptographictechnology(encrypCon,signatures,authenCcaCon,integrity)biometricdevices,idenCty

management,IC/smartcards,RFIDs,PETS,IDPS,trustedplaUormtechnology

ManagementSystemAccredita.on,Cer.fica.onand

Audi.ng(ISO17021series,ISO19011,ISO/IEC

27006,ISO/IEC27007)

Product,SystemandPhysicalSecurityEvalua.on,Tes.ng

(ISO/IEC15408,ISO/IEC15443,ISO/IEC17825,ISO/IEC18045,ISO/IEC18367,ISO/IEC19608,ISO/IEC19791,

ISO/IEC19792,ISO/IEC20004…

ManagementSystemsInformaConSecurityManagementSystem(ISO/IEC27001),BusinessConCnuityManagementSystem(ISO

22301),SecurityManagementSystem–Fraudcountermeasuresandcontrols(ISO34001),Securitymanagementsystem–Fraudcountermeasuresandcontrols.SecurityManagementforSupplyChain(ISO

28000),ManagementsystemforprivatesecurityoperaCons(ISO18788)

Global Partnership for developing International standards (developing the common language for CyberCity security and privacy)

ABC4TrustADDSADRCCCDBCENCENELECCSACSCCTheCyberSecurityNaming&Informa?onStructureGroupsDEWIDMTFECBSENISAESIETSIFERMAFIRSTGICTFIAF

OMGPAC(PacificAccredita?onCoopera?on)PICOSPQCRYPTOPRACTICEPRIPARESAMACSBSSNIASWIFTTCGTheOpenGroupTMForumTeleManagementForumVISA/VISAEUROPEW3CWeb3D3GPP

IAITAMIEEEIIAIIC(IndustrialInternetConsor?um)INLACInterpolIOSC/IETFISACAISC2ISFISMAISSEAitSMFLinuxFounda?onMasterCardNISTOASISOECDOGFOIDF(TheOpenIDFounda?on)

ISOandIECCoopera?ngBodies(sample)

Na$onalStandardsBodies

• Distributed Ledger Technology (DLT)• Block Chain and Distributive Ledger

• Mobile Web • Physical Cyber Systems (CPS)• Wearable Technology• Global Advanced Industrial Systems and Industrial

Internet Standards including IIoT• 5G technology• Disruptive innovation/technology replaces and disrupts

existing technology, services and processes creating new business opportunities and new industries, and also creates new cyber risks

Trends - Continuing and Emerging Activities in CyberCity Standards

Prof. Edward (Ted) Humphreys (edwardj7@msn.com)

Thanks for listening

23 See#©#copyright#no/ce#on#slide#2.###