Dr Sally Leivesley
  Catastrophic Risk
  Smart Cities
  Recent Media Commentary
  Contact Newrisk Limited
    - Media Enquiries
  Lectures & Conferences
  The Exercise Group7
  Papers & Publications
  Risk Assessments
  Post Incident Analyses
  Continuity Planning
  Crisis Communications
    -  Media & Social Media
  Employee Preparedness
  Audit Assurance Risk
  Aviation Security
  Biological Threats
  Catastrophic Risk
  Chemical Threats
  Continuity Planning
  Criminal Justice
  Cyber Security
  Defence & Policing
  Education & Training
  Emergency Services
  Financial Threats
  London in 2012 Security
  Radiological & Dirty Bombs
  Reputation Risk Management
  Risk Management
  Terrorism & Security
  Transportation Security


Smart Cities

Understanding risk in smart cities requires a different method of risk management and a flexible risk mitigation input for business operations which are growing at a fast pace with Cloud services and global connectedness to Big Data sources.  

Newrisk Limited offers a range of catastrophic risk services which widen the threat horizons that can be visualised and acted upon in a timely manner to protect the organisation.  Human factor failures are integrated with technological failures and malevolent events from insiders, organised crime, and nation states intent on disrupting critical operations such as finance, communications, defence and security, media, transport, energy, water and other infrastructure. 

A quantified risk analysis across the smart city risk horizon can support safety, security and environmental management and reduce the levels of uncertainty that confront business and government operations every day. 
Catastrophic risk management services for companies and governments operating in smart cities are a new component of risk management because connectedness has brought many risk factors together.  Catastrophic failures occur because highly connected systems can suddenly fail from a critical point coming under pressure or from convergence of operations which create a new central point of weakness or a vulnerable target for malevolent action against the company or government operation.  New threats to systems controls widen the threat spectrum beyond data protection and software failures.  There are risks from any inability of a facilities management process to access its building control systems or to see the systems data on operation of essential services (energy control, access control, communications, unauthorised devices on the system, unauthorised access across systems).

There are risks to all business processes that are impacted with failures of systems delivering business processes within intelligent buildings and to the world through cyber space.   

Smart cities are constantly evolving with connectedness in cyber space between people, buildings, transport, energy, water, communications, commercial operations, media and the multitude of activities cities generate.   The boundaries of smart cities are in cyber space which creates global linkages in the connections to systems and this brings a different threat horizon that has to be monitored for business operations, safety and continuity of activities.  Cyber events whether accidental from failures to integrate rapidly changing technologies or intentional from individuals, terrorists or nation states are rapidly creating disruptions and uncertainty because there is no international legal agreement between countries on boundaries, behaviour, criminal investigation or compensation when systems fail. Cyber space is not geographically bounded except where services and companies are located but virtual space with cloud and the speed of electronic connectedness means that cyber space creates unbounded and ungoverned threat landscape. 

Risk work requires evaluation of the threat landscape and safety, security and integrity of systems and people within this landscape and how business can manage a pathway through many uncertainties that would otherwise reduce initiatives to expand business reach. 

Newrisk Limited is a member of the Register of Security Engineers and Specialists http://www.rses.org.uk/home/list-of-members. The Register covers security specialties essential for the protection of critical national infrastructure – these include Protection against the effect of weapons, blast, electronic systems, CBRN (Chemical, Biological, Radiological, Nuclear, Hostile vehicle mitigation, Pedestrian barriers, Explosives and weapons search detection. Additionally Cyber threat mitigation, cyber systems/ security/ fire- integration and assurance of systems security are components of managing essential business operational in a highly connected intelligent buildings and smart city environment. 

Experience in smart cities and risk management has been contributed on a Technical Panel advising the IET Standards technical guidance document released on line, June 2013. Resilience and Cyber Security of Technology in the Built Environment, is the first study on cyber requirements for highly interconnected smart cities and is essential knowledge for companies and managers of intelligent buildings, energy, water, communications and other interconnected critical infrastructure.  The document recognises that economic and environmental benefits will come from the successful integration, assurance, agreement on responsibilities and continuity of operation of these systems. Ten organisations have participated on the Technical Committee to develop the Resilience and Cyber Security Guidance - the Defence Science and Technology Laboratory (dstl), the Centre for the Protection of Critical National Infrastructure (CPNI), Transport for London, the Corporate IT Forum, Dr Sally Leivesley from Newrisk and experts from global companies.  

‘The technical briefing examines the different sources of threats across the building lifecycle from initial concept through to decommissioning. It considers potential threat agents that could cause or contribute to a cyber security incident and identifies some of the measures that may be appropriate to reduce the risks’

The document covers the threat landscape, 20 critical controls, security through specification phase to decommissioning, relevant Standards, Intelligent Building case studies and legal issues such as intellectual property and commercial data. 

Newrisk Limited's early experience in smart city security design evolved from tender work on security design for a new build of a smart city in the Middle East where the continuity of security, safety and mass population movement from airport and sea ports, rail links and technology parks as hubs of productivity and the new design of accommodation, leisure and community support services, retail services and government infrastructure required a security framework based on the threat horizons for the smart city.  The dynamic changing threats evolving from the specification through design, commissioning, operation and change management stages in such a city all require solutions and risk based decisions within a coherent and harmonious security framework.   

Presentations on threats to smart cities have been given in Solar Storms and integrating hybrid threats from HEMP, IEMI and SCADA attacks into a concept of stabilisation of systems during times of high uncertainty events where massive impacts threaten the total loss of systems that sustain cities and populations. Integrated with this are insider threats and human factors failures which can present failure modes equivalent to other forms of systems loss.  (http://conferences.theiet.org/solar-storms/about/index.cfm ) Also there has been recent discussion and presentations on urban terror targets (see: 'Urban Terror Targets: Optimising Cyber Security for Survival' for CISO Middle East Ninth Annual Conference, Dubai, March 27-29, 2017 on March 28).

In June 2013, at a Chief Information Security Summit in Amsterdam Dr Leivesley presented on Cyber Resilience on Smart Cities and Intelligent Buildings,  describing top threats in Europe and rest of the world, Global Gate Keeping, Advanced Persistent Threats, global hot spots, nuclear high altitude electromagnetic pulse, intentional electromagnetic interference effects; smart cities and intelligent buildings; critical national infrastructure – water, nuclear power plants, telecommunications and aviation.  http://www.ciso-summit.com/europe/summit-agenda


Sally Leivesley



  • Terror 2017
  • Cyber 2017

New dangers are appearing from terrorism for the UK & other countries after the failed Parsons Green underground rail bombing.  Greater public preparedness is now important on what to do in an imminent emergency whether arising from bombs, knives, car ramming or shootings. Workplace training & exercising will help many commuters & will be transferred by them to their families & importantly will encourage parents to discuss emergency evacuations & procedures with any children who travel unaccompanied to school each day.   Newrisk Limited which is a founder member of The Exercise Group7 LLP, (TEG7) is now part of the team providing 14 bespoke courses to mitigate risk from cyber & terrorism & to develop greater awareness of protection under catastrophic risk events.   The TEG7 team work is built up from former military specialist skills & institutional cyber operations skills (www.teg7.co.uk).

Individuals can be encouraged to make their own personal protection plans to empower themselves for any unlikely emergency from terrorism so that they are quickly able to recognise an incident & protect themselves & people close-by to the best of their ability.  Personal plans may include understanding what may be seen or heard or smelt when in proximity to a threat, what materials in clothing give better durability in certain threat situations & what the timelines are for the best chances for survival & mitigation of injury & shock.  Psychological issues in the aftermath of a high threat incident are also important for awareness & self-help & seeking professional help is possible also in these upsetting situations when there has been a near death experience.

Personal information data loss from 400,000 British citizens has been reported by Equifax alongside 143 million Americans in an incident identified in September.  These large data losses provide the criminal world - as well as nation states that use hackers as proxies for defence & commercial information - with the means to undertake identity theft & to attack individuals & companies in many different ways.  Personal history details remain the same throughout life & passwords are frequently used across different areas of activity so that hacking of this scale inevitably exposes the workplace as well as the individual.

Newrisk Limited as part of the TEG7 (The Exercise Group 7 LLP) training initiative, is providing cyber risk mitigation & catastrophic risk training for companies & governments world-wide.  The TEG7 team work is built up from former military specialist skills & institutional cyber operations skills (www.teg7.co.uk). There are 14 courses designed for cyber & physical security to be managed in an integrated format along with an understanding of the extreme threats which are difficult to recognise but which threaten the sustainability of operations.