
 

Smart Cities

Understanding risk in smart cities requires a different method of risk management and a flexible risk mitigation input for business operations which are growing at a fast pace with Cloud services and global connectedness to Big Data sources.  

Newrisk Limited offers a range of catastrophic risk services which widen the threat horizons that can be visualised and acted upon in a timely manner to protect the organisation.  Human factor failures are integrated with technological failures and malevolent events from insiders, organised crime, and nation states intent on disrupting critical operations such as finance, communications, defence and security, media, transport, energy, water and other infrastructure. 

A quantified risk analysis across the smart city risk horizon can support safety, security and environmental management and reduce the levels of uncertainty that confront business and government operations every day. 
Catastrophic risk management services for companies and governments operating in smart cities are a new component of risk management because connectedness has brought many risk factors together.  Catastrophic failures occur because highly connected systems can suddenly fail from a critical point coming under pressure or from convergence of operations which create a new central point of weakness or a vulnerable target for malevolent action against the company or government operation.  New threats to systems controls widen the threat spectrum beyond data protection and software failures.  There are risks from any inability of a facilities management process to access its building control systems or to see the systems data on operation of essential services (energy control, access control, communications, unauthorised devices on the system, unauthorised access across systems).

There are risks to all business processes that are impacted by failures of systems delivering business processes within intelligent buildings and to the world through cyber space.

Smart cities are constantly evolving with connectedness in cyber space between people, buildings, transport, energy, water, communications, commercial operations, media and the multitude of activities cities generate. The boundaries of smart cities are in cyber space, which creates global linkages in the connections to systems, and this brings a different threat horizon that has to be monitored for business operations, safety and continuity of activities. Cyber events, whether accidental from failures to integrate rapidly changing technologies or intentional from individuals, terrorists or nation states, are rapidly creating disruptions and uncertainty because there is no international legal agreement between countries on boundaries, behaviour, criminal investigation or compensation when systems fail. Cyber space is not geographically bounded except where services and companies are located, but virtual space with cloud and the speed of electronic connectedness means that cyber space creates an unbounded and ungoverned threat landscape.

Risk work requires evaluation of the threat landscape and safety, security and integrity of systems and people within this landscape and how business can manage a pathway through many uncertainties that would otherwise reduce initiatives to expand business reach. 

Newrisk Limited is a member of the Register of Security Engineers and Specialists http://www.rses.org.uk/home/list-of-members. The Register covers security specialties essential for the protection of critical national infrastructure – these include Protection against the effect of weapons, blast, electronic systems, CBRN (Chemical, Biological, Radiological, Nuclear), Hostile vehicle mitigation, Pedestrian barriers, Explosives and weapons search detection. Additionally, Cyber threat mitigation, cyber systems/ security/ fire- integration and assurance of systems security are components of managing essential business operations in a highly connected intelligent buildings and smart city environment.

Experience in smart cities and risk management has been contributed on a Technical Panel advising the IET Standards technical guidance document released online in June 2013. Resilience and Cyber Security of Technology in the Built Environment is the first study on cyber requirements for highly interconnected smart cities and is essential knowledge for companies and managers of intelligent buildings, energy, water, communications and other interconnected critical infrastructure. The document recognises that economic and environmental benefits will come from the successful integration, assurance, agreement on responsibilities and continuity of operation of these systems. Ten organisations have participated on the Technical Committee to develop the Resilience and Cyber Security Guidance - the Defence Science and Technology Laboratory (dstl), the Centre for the Protection of Critical National Infrastructure (CPNI), Transport for London, the Corporate IT Forum, Dr Sally Leivesley from Newrisk and experts from global companies.

‘The technical briefing examines the different sources of threats across the building lifecycle from initial concept through to decommissioning. It considers potential threat agents that could cause or contribute to a cyber security incident and identifies some of the measures that may be appropriate to reduce the risks.’

The document covers the threat landscape, 20 critical controls, security through specification phase to decommissioning, relevant Standards, Intelligent Building case studies and legal issues such as intellectual property and commercial data. 

Newrisk Limited's early experience in smart city security design evolved from tender work on security design for a new build of a smart city in the Middle East where the continuity of security, safety and mass population movement from airport and sea ports, rail links and technology parks as hubs of productivity and the new design of accommodation, leisure and community support services, retail services and government infrastructure required a security framework based on the threat horizons for the smart city.  The dynamic changing threats evolving from the specification through design, commissioning, operation and change management stages in such a city all require solutions and risk based decisions within a coherent and harmonious security framework.   

Presentations on threats to smart cities have been given in Solar Storms and integrating hybrid threats from HEMP, IEMI and SCADA attacks into a concept of stabilisation of systems during times of high uncertainty events where massive impacts threaten the total loss of systems that sustain cities and populations. Integrated with this are insider threats and human factors failures which can present failure modes equivalent to other forms of systems loss (http://conferences.theiet.org/solar-storms/about/index.cfm). Also, there has been recent discussion and presentations on urban terror targets (see: 'Urban Terror Targets: Optimising Cyber Security for Survival' for CISO Middle East Ninth Annual Conference, Dubai, March 27-29, 2017 on March 28).

In June 2013, at a Chief Information Security Summit in Amsterdam, Dr Leivesley presented on Cyber Resilience on Smart Cities and Intelligent Buildings, describing top threats in Europe and the rest of the world, Global Gate Keeping, Advanced Persistent Threats, global hot spots, nuclear high altitude electromagnetic pulse, intentional electromagnetic interference effects; smart cities and intelligent buildings; critical national infrastructure – water, nuclear power plants, telecommunications and aviation. http://www.ciso-summit.com/europe/summit-agenda

 





          BREAKING NEWS

  • TEG7
  • Cyber Threats
In response to the Paris & Brussels attacks, Newrisk Ltd has become part of The Exercise Group7. The TEG7 LLP is a dynamic team drawn from cyber & former special defence fields to exercise organisations & governments on emerging terror threats. The TEG7 profile can be seen at www.teg7.co.uk. The level of casualties from shooting attacks (as with the Bataclan (France) in 2015; Brussels airport (Belgium), Ataturk airport (Turkey), Nice beach (France) & Berlin Christmas Market (Germany) in 2016; & La Reina Nightclub (Turkey) in 2017) is the result of military style incursions by terrorists determined to maximise casualties. Home-grown terror threats are increasing in many countries: the New York & New Jersey bombs found in 2016 & the numerous disrupted plots in the UK, Germany & France indicate serious changes in terror capability which may be made more dynamic as ISIS fighters return to their home countries.

Cyber threats are changing from loss of data & privacy to loss of control of business systems & more seriously reconnaissance attacks on critical infrastructure including energy grids.  The fragility of highly connected systems will become more serious in 2017 with open system dependencies (driven by business innovation).   Degraded capacity operations will become essential if persistent attacks affect critical infrastructure.  Exploiting cyber weaknesses are (i) criminals with ransomware & (ii) nation states aiming to disrupt, deter or signal capability against target countries.  The Ukraine power attacks remain a lesson for critical infrastructure losses.  Aviation remains the industry ‘canary’ for cyber failures & cyber forensics must evolve to close open investigations (as in the case of MH370).