The cyber security of critical urban infrastructures in the Netherlands: Smart city technology will increase the vulnerabilities

The Cyber Security of Critical Urban

Infrastructures in the Netherlands

Smart city technology will increase the vulnerabilities

Jean-Paul Sebastian Chün S2089548

Master Thesis

The cyber security of critical urban infrastructures in the Netherlands:

Smart city technology will increase the vulnerabilities

Supervisor: Dr. Vlad Niculescu-Dinca Second reader: Dr. Tommy van Steen

Jean-Paul Sebastian Chün S2089548

Wordcount: 18.405

Master Thesis

MSc Crisis and Security Management Faculty of Governance and Global Affairs

Leiden University

i

Preface

This master thesis is the final assignment before the Crisis and Security Management master program at the University of Leiden is completed. This research investigates the cyber security within smart cities. The focus of this research lies on critical urban infrastructures in the Netherlands. This thesis can be seen in the broader context of smart city studies related to the master thesis capstone of Dr.ir. Vlad Niculescu-Dinca.

The supposed prior knowledge before reading this thesis is a general understanding of the concepts of smart cities and cyber security. Although, both concepts are explained in detail in this thesis, prior knowledge is desirable. Readers that are interested in the newly created theoretical cyber security framework are advised to read section 2.2, Theoretical framework. For the readers that like to know more about the setup of the interviews and the interview selection it is recommended to read section 3.2, Data collection.

My deepest gratitude goes to the people who helped me with the realisation of this master thesis. At the first place Dr.ir. Vlad Niculescu-Dinca, who gave guidance and challenged me to excel during the whole process of conducting this master thesis research. In addition, he inspired me by inviting our capstone group to state-of-the-art smart city conferences and meetings. The second person that I would like to thank is Dr. Tommy van Steen for providing critical but useful feedback. In addition, I would like to thank my fellow capstone members for providing me with feedback, support and interview contacts. However, my biggest gratitude goes to the interviewees. They provide me with their knowledge and insights, without benefiting from it. In addition, I am grateful to my family and friends that helped me during this research, especially Sarah van Amerongen, Nathalie Chün, and Arvid de Groot, who served as proofreaders. Finally, I would like to thank everybody who brought me into contact with my interviewees. This master thesis would not have been possible without their help.

Jean-Paul Sebastian Chün

ii

Abstract

The smart city is a matter of dispute in the search to improve our cities to accommodate more people in a more liveable environment. The smart city concept is based on the implementation of sensors, devices, and other kinds of digital technologies. The downside of digital technologies is their vulnerability to cyber-attacks. This research focusses on the cyber security of the most critical parts of a smart city, the critical urban infrastructures.

The aim of this research is to explore the cyber security vulnerabilities of smart city systems in critical urban infrastructures. It is decided to conduct an exploratory qualitative research, due to the novelty of the smart city concept and the first steps that are taken in the realisation of smart cities in the Netherlands. The scope of the research is limited to a Dutch perspective on smart cities. The data of this research is collected by conducting expert interviews and reviewing policy documents. This data is being analysed with the help of a theoretical framework on the cyber security of smart cities, specially created and designed for this research. The analysis resulted in four findings; 1) the implementing of smart city systems only has disadvantages in a cyber security perspective, 2) the complexity of smart city systems combined with human interaction creates vulnerabilities, 3) the kind of cyber-attacks that can be used to exploit these vulnerabilities is vast, 4) this will lead to an arms race between cyber security and cybercrime. The conclusion of this research is that the cyber security of critical urban infrastructures will decrease if the cyber security level does not keep up with the growth of the cyber vulnerabilities.

This research is setup as an exploratory research of the impact of smart city systems on the cyber security of critical urban infrastructures. The outcome of this research are insights in the general impact on the cyber security. In order to quantify the impact of the vulnerabilities further research is needed. This also applies to the cyber security against cyber-attacks. Further research is needed to exanimate the cost of cyber security measures and the damages thar are caused by cyber-attacks.

Key words: Smart city, cyber security, critical urban infrastructures, cyber vulnerabilities,

iii

Table of content

1.2. Academic and societal relevance ... 6

1.3. Research question and sub-questions ... 6

1.4. Reading guide ... 7

2. Theory ... 8

2.1. Conceptualisation ... 8

2.1.1. Smart city ... 8

2.1.2. Cyber security ... 10

2.1.3. Critical urban infrastructures ... 12

2.2. Theoretical framework ... 13

2.2.1. Existing cyber security frameworks ... 13

2.2.2. Cyber security framework for this research ... 18

3. Methodology ... 22

3.1. Research design ... 22

3.2. Data collection ... 23

3.2.1 Primary source data: Interviews ... 23

3.2.2 Secondary source data: policy documents ... 25

3.3. Operationalisation ... 26

3.3.1. Indicators ... 26

3.3.2. Coding Scheme of the data ... 27

3.4. Reliability and validity ... 28

3.4.1. Construct validity ... 28 3.4.2. Internal validity ... 28 3.4.3. External validity ... 28 3.4.4. Reliability ... 29 3.5. Limitations ... 29 4. Analysis ... 30 4.1. Increasing risks ... 30

4.2. Complexity and humanity: the weakest links ... 35

4.3. No limits to the cyber-attacks ... 39

4.4. The everlasting arms race ... 41

iv

5.1. Evaluation of the interviews ... 44

5.2. Evaluation of the findings ... 45

5.3. Evaluation of the theoretical framework ... 47

6. Conclusion ... 50

6.1. Thesis conclusion ... 50

6.2. Recommendations ... 52

6.3. Recommendation for future research ... 52

References ... 53

Appendix A: Interview questions ... 64

Appendix B: Coding scheme ... 65

Appendix C: Results analysis ... 66

List of figures

Figure 2: Graphic representation of the theoretical framework. ... 21

Figure 3 Graphic representation of revision of the theoretical framework. ... 49

List of tables

Table 2: Explanation different cyber-attacks ... 18

Table 3: Interview details ... 24

Table 4: Overview of the indicators, sub-indicators and dimensions of this research. ... 27

Table 5: Coding scheme interviews ... 65

Table 6: The advantages and disadvantages of smart cities according to the interviewees ... 66

Table 7: Statements of the interviewees regarding... 67

Table 8: Statements of the interviewees regarding the vulnerabilities of smart cities ... 68

Table 9: The cyber-attacks that poses threats ... 69

5

1. Introduction

Rural areas around the world are becoming more sparsely populated. People are moving from rural areas to urban areas, to cities and its suburbs. More than half of the European population lived in urban areas in 1950 and this will increase to 85 percent of the European population in 2050 (Caragliu, Del Bo & Nijkamp, 2011). The definition of an urban area is; “an area with human agglomerations and with >50 % of the surface built, surrounded by other areas with 30– 50 % built, and overall a population density of more than ten individuals per hectare” (Seto, Parnell & Elmqvist, 2013, p.3). The increase of the human population in urban areas does have consequences for the liveability in these areas. These consequences usually do not have a positive effect on the liveability. For example, “traffic congestion, pollution and increasing social inequality” (Neirotti, De Marco, Cagliano, Mangano & Scorrano, 2014, p.25) are negative consequences of the growth of cities. In addition, the facilitation of common utilities and public services are being put under pressure in the growing urban areas, due to the increasing demand of these utilities. Some of these utilities and public services are part of the critical infrastructure of a nation. Critical infrastructures can be defined as “systems and assets, whether physical or virtual, that are so vital that their incapacitation or destruction would have a debilitating impact on national, economic or operational security, as well as public health or safety” (Lis & Mendel, 2019, p.25). The increasing urbanisation will therefore also influence the efficiency of these critical infrastructures, due to their limited capacity.

1.1. Smart city

A smart city could help organise a city in such a way that the negative consequences of a growing population are minimized (Rassia & Pardalos, 2017). The concept of smart cities is now seen as “a vision for stimulating and supporting innovation and economic growth, and providing sustainable and efficient urban management and development” (Kitchin, 2014, p.12). The word vision touches the core of the concept. Smart cities are not cities in the traditional meaning of the word; “dense settlements in space” (Marcotullio & Solecki, 2013, p.13). The vision of smart city embodies the transition towards the digitalisation of cities. The smart city concept uses digital devices to realise this vision (Kitchin, 2014). The result is that it is hard to define a smart city, because a smart city is built up from different smart city technological systems and devices. According to the general system theory “a system is defined as a complex of components in interaction, or by some similar proposition” (Bertalanffy, 1967, p. 69). In this thesis, the definition of a system is: interacting elements that can be seen as a whole.

6 The concept of the smart city seems like a great solution for the current urban problems. However, the increase of digital devices in urban areas creates some challenges. One of these challenges is maintaining the cyber security of urban areas within a smart city (Braun, Fung, Iqbal & Shah, 2018; Dodge & Kitchin, 2019). Therefore, this research delves into the depths of the cyber security of smart cities. In addition, this research focusses on smart city initiatives in the Netherlands. The biggest cities in the Netherlands are actively researching smart city projects, such as Amsterdam, Rotterdam, The Hague, Utrecht, and Eindhoven (VNG, 2018). Therefore, the Netherlands provides enough involvement in the research of smart cities. Another demarcation is the focus on just the critical urban infrastructures in smart cities. The puzzle of this research is to explore how a smart city can increase the urban life quality without a decrease in the cyber security of critical urban infrastructures.

1.2. Academic and societal relevance

The relevance of answering this research question can be divided into academic and societal relevancy. The academic relevance of this research lies mainly in the fact that the cyber security of smart cities is only marginally discussed in the academic literature about smart cities. Therefore, this explorative research shall contribute to the academic field of cyber security of smart cities by adding knowledge and insights into this under-researched academic field.

This research is socially relevant, because the implementation of a smart city could have major consequences for a society. As mentioned above, a new way of organising cities is needed to accommodate the increasing population in urban areas. It is important for citizens that the liveability of their urban areas is not decreasing, but where possible increases. The implementation of a smart city could be the new way of organising a smart city. However, the implementation of a smart city is accompanied by an increase in digital devices. The security of this digital part of the smart city is important for the continuous functioning of critical infrastructures. Therefore, research into the cyber security of a smart city is relevant to society.

1.3. Research question and sub-questions

Both the academic and societal relevance show that there is need for researching the cyber security of smart cities. The puzzle of this research focusses on an important part of the smart city: the critical urban infrastructure. Together they support the following research:

How do smart city systems impact cyber security vulnerabilities of critical infrastructures in urban areas in the Netherlands?

7 In order to answer this research question multiple questions are needed. These sub-questions are:

• What are the advantages of smart city systems in urban areas? • What are the disadvantages of smart city systems in urban areas? • What are the vulnerabilities of smart city systems?

• What are the cyber security threats to critical urban infrastructures in the Netherlands? • What is the effect of these threats on the cyber security level of critical urban

infrastructures in the Netherlands?

1.4. Reading guide

This thesis consists of six chapters. Chapter 2. Theory follows the introduction and discusses the conceptualisation of the key concepts of this research; smart city, cyber security, and critical urban infrastructures. This chapter also discusses the creation of the theoretical framework of this research. Chapter 3. Methodology elaborates the methodology of this research. This chapter discusses the design, the data collection, the operationalisation of the theoretical framework, and the validity and reliability of this research. Chapter 4. Analysis discusses four key findings of the analysis of this research. Chapter 5. Discussion elaborates the discussion of this master thesis. The last chapter of this master thesis is Chapter 6. Conclusion. The conclusion chapter answers the research question of this research based on the findings of the analysis. In addition, some recommendations and future research suggestions are presented in this chapter.

8

2. Theory

This chapter discusses the theory and the theoretical framework of this research. The chapter starts with section 2.1 Conceptualisation, which discusses the conceptualisation of the three key concepts of this research: smart city, critical urban infrastructures, and cyber security. Section 2.2 Theoretical framework elaborates existing cyber security frameworks and discusses the specially designed theoretical framework for this research.

2.1. Conceptualisation

The research question contains three key concepts: smart city, critical urban infrastructures, and cyber security. These concepts are interrelated with each other in the puzzle of this research, as illustrated in figure 1. In this research each concept needs to be researched form the perspective of the two other concepts. For example, the smart city needs to be researched from a critical urban infrastructures and cyber security perspective in order to answer the research question. This section discusses the three key concepts separately.

FIGURE 1:GRAPHICAL IMAGE OF THE RELATION BETWEEN THE THREE KEY CONCEPTS IN THIS RESEARCH

2.1.1. Smart city

There is not a general consensus about the definition of a smart city (Townsend, 2014). Therefore, a variety of definitions and frameworks can be found in the academic literature about smart cities. However, some scholars argue that there is not such a thing as just a smart city, and that there is no clear distinction between a smart city and a non ‘smart’ city. A smart city is a collection of smart separate systems in the ‘hard’ and ‘soft’ domains of a city (Neirotti et al., 2014). Aspects of this hard domain are: healthcare, public security, mobility, the environment, and city utilities (Neirotti et al., 2014). This can be summarized as the city services that are observable in everyday live in the city, like for example; streetlights, road signs, traffic lights, and emergency services. In contrast with the hard domain stands the soft

Smart City

Cyber Security Critical Urban

9 domain. The soft domain consists of the non-visible functions of a city: education, social equality, the economy, and the public administration of a city (Neirotti et al., 2014). The function of the smart city is according to Neirotti et al. (2014) helping cities allocate their resources in a better way with the use of ICT (information and communication technology). The function and the definition of the smart city depends of the context in which it is applied. In the hard domain the digital technology used for the smart city is more visible than in the soft domain.

Another definition of a smart city is the definition of Kitchin. Kitchin (2014) describes two definitions of the smart city: 1) urban areas with an increase of digital devices which can be used to control the urban area (monitoring, managing, and regulating), 2) the smart city refers to a city with a knowledge driven economy. Only the first definition of Kitchin can be used in this research, because this research focusses on the cyber security of smart cities. The first definition fits better with the purpose of this research, with its focus on digital devices. The second definition focusses more on the non-technical advantages of a smart city, such as knowledge. This definition cannot be used to evaluate the cyber security of smart cities, due to the lack of technical content. Therefore, only the first definition of Kitchin shall be included in this research.

Townsend (2014) describes the smart city in a similar way as the first definition of Kitchin. According to Townsend the smart city is a place where information technology is embedded in “infrastructure, architecture, everyday objects, and even our bodies to address social, economic, and environmental problems” (Townsend, 2014, p.15). Examples of these problems are shown in table 1. The definition of Townsend includes the domains in which the smart city operates. In addition, his definition shows that there are problems in the traditional governance structures and that the smart city addresses them. Other scholars have similar ways of describing the smart city by addressing the current problems in urban areas. The smart city is “a place where traditional networks and services are made more flexible, efficient, and sustainable with the use of information, digital, and telecommunication technologies to improve the city’s operations for the benefit of its inhabitants” (Mohanty, Choppali and Kougianos, 2016, p.60).

10

TABLE 1:CURRENT PROBLEMS IN URBAN AREAS

Problem areas Example

Social Social inequalities manifest strongly in cities (Petríková & Petríková, 2020)

A challenge of growing cities is “maintaining social cohesion” (Baucells, Moreno & Arce, 2016, p.95)

Economic Economical inequalities manifest strongly in cities (Petríková & Petríková, 2020)

Environmental Increase in air and water pollution due to urbanization (Zhao et al., 2006) Urbanization changes local climates and creates heat islands (Zhao et al., 2006)

Loss of biodiversity in the urban area’s (Zhao et al., 2006)

In all three definitions the word city is not mentioned ones. These scholars see the smart city as a concept that can be used in all urban areas and is not limited to the environment of a city. As shown in this subsection there are multiple ways to look at smart cities and define them. Therefore, during the interviews the interviewees are asked for their definition of a smart city, in order to assess their perspective to the concept. The definition of smart cities used in this research is shown in the box below.

Smart city definition:

A place that tries to address and solve functionality problems of urban areas, by the means of information driven technologies.

2.1.2. Cyber security

The concept of cyber security is a specific part of the broader concept of security. Security in a general way can be seen as “a low probability of damage to acquired values” (Baldwin, 1997, p.13). In the case of cyber security, the acquired value is cyberspace. The best explanation of cyberspace is: “a multilevel ecosystem of physical infrastructure, software, regulations, and ideas” (Deibert & Rohozinski, 2010, p.45). Cyberspace itself is not what needs to be protected, in a direct sense. It is the data/information in cyberspace that needs to be protected against damage. Therefore, cyber security and information security are very similar, only the information is digital (von Solms & van Niekerk, 2013). Cyber security tries to protect the three

11 properties of information in the digital domain. Lundgren and Möller (2019) define the three properties as follow:

• Confidentiality is the property that ensures that information cannot be accessed by unauthorised people or organisations.

• Integrity is the property that ensures that the information is correct and complete. • Availability is the property that ensures that the information can be used and accessed

by people or organisations with the right authorisation.

The definition of the cyber security concept is again difficult to determine, due to a lack of consensus of the definition of cyber security (Luiijf, Besseling & de Graaf, 2013; Craigen, Diakun-Thibault & Purse, 2014). The different perceptions of cyber security are caused by the different ways in which someone can use cyber security in cyberspace (Bayuk et al., 2014). Cyber security can be used completely in the digital domain, but also in the interaction between physical attributes and the digital domain, just like in a smart city (Bayuk et al., 2014). The Dutch definition of cyber security is: “to be free from danger or damage due to the disruption or destruction of ICT, or due to the abuse of ICT” (Luiijf et al., 2013, p.6). The key elements of this definition are: disruption, destruction, and abuse. These key words describe ways to harm the information properties described by Lundgren and Möller.

A more general definition of cyber security is that: “cyber security refers generally to the ability to control access to networked systems and the information they contain” (Bayuk et al., 2014, p.1). This definition connects cyber security directly with information security, by mentioning the assets that need to be protected by controlling access to its digital location.

Craigen et al. provides a less general definition of cyber security. Craigen et al. (2014) state that cyber security aims to protect property rights from misalignment. This description directly refers to the criminal intent of cyber security threats. Cyber security itself is: “the organization and collection of resources, processes and structures to protect cyberspace and cyberspace-enabled systems” (Craigen et al., 2014, p.17). This definition can be linked to the concept of smart cities. The smart city consists of digital networks for the exchange of information. This information can be collected by devices in the public space, such as camera’s, sound sensors, smell sensors, etc. These systems are connected to cyberspace in order to communicate their data. Therefore, this definition touches the essence of the smart city, because the smart city consists of cyberspace and cyberspace-enabled systems.

12 All three definitions contain some key elements that relate to the smart city. The cyber security definition used in this research is the result of combining the previously mentioned definitions and the three properties of information security. The box below shows the definition of cyber security used in this research.

Cyber security definition:

Controlling and regulating all the resources that are used to safeguard the confidentiality, integrity, and availability of digital information in cyberspace.

2.1.3. Critical urban infrastructures

Infrastructures are called critical when their functionality is classified as vital for a society (Lis and Mendel, 2019). These infrastructures can be managed on the national level by national governments. For example, the national gas production, transportation and distribution of the Netherlands are part of the national critical infrastructure according to the NCTV (n.d), the Dutch National Coordinator for Security and Counterterrorism. The counterpart of the national critical urban infrastructures are the critical urban infrastructures on the local level, sometimes also mentioned as local critical infrastructures. These critical urban infrastructures are managed by local governments due to their responsibility to maintain public order (Gemeente Amsterdam, 2019(b)). However, most of the times local government is not primary responsible for local critical infrastructures but is closely involved (Gemeente Amsterdam, 2019(b)).

Critical urban infrastructures are the basic elements, services, and goods that are needed for the functioning of cities, urban areas, communities or societies (Steele, Hussey & Dovers, 2017). The critical national infrastructures seem to be more important than the local ones, because their impact is noticeable on a bigger scale. However, due to “high population densities in cities, and the increasing interconnectedness of the services and supply chains that sustain them, mean local infrastructure is equally important” (Rogers et al., 2012, p.73). In addition, the system of critical infrastructures is highly complex; local and national critical infrastructures are directly connected with each other (Baloye & Palamuleni, 2017). Therefore, problems on the local level can have consequences on the national level. Furthermore, local urban infrastructures can have a defining impact on a city. The planning and design of urban infrastructures determine the shape of a city (Steele & Legacy, 2017).

There are multiple critical urban infrastructures present in cities. According to Rogers et al. (2012) the provision of utilities to the inhabitants is part of the critical urban infrastructure. In addition, the sewage systems are also considered to be part of the critical urban infrastructure,

13 just like the local road network of a city. The previous mentioned critical urban infrastructures are all part of the “‘hard’ physical infrastructure” (Rogers et al., 2012, p.73). The ‘hard’ physical infrastructures are physically present in urban areas, although sometimes they are hidden from the sight of the public. For example, sewage pipes, water pipes, or electricity cables are all buried in the ground, but still have a physical presence. However, there are also critical infrastructures that do not need to have a physical presence. Such a critical local infrastructure is the infrastructure for the emergency services. This research focusses on both ‘hard’ physical infrastructures and ‘soft’ physical infrastructures. Taking into account all the parts and definitions of critical urban infrastructures result in a definition that is used in this research. This definition is shown in the box below.

Critical urban infrastructures definition:

Critical urban infrastructures are elements of the infrastructures that are crucial for the functionality of city, urban area, or community, for which local authorities bear responsibility.

2.2. Theoretical framework

A theoretical framework is needed to assess the data of this research. The conceptualisation of the previous section helps to create a theoretical framework relating to the three key concepts. This section discusses the existing cyber security frameworks and a cyber security framework specially designed for this research.

2.2.1. Existing cyber security frameworks

There are multiple cyber security frameworks available for the cyber security of organisations, or processes. The framework of the US National Institute of Standards and Technology (NIST) is one of the well-known frameworks within the cyber security field. The NIST framework distinguishes five functions of cyber security: identify, protect, detect, respond, and recover (Kott & Linkov, 2018; Ibrahim, Valli, McAteer & Chaudhry, 2018). This framework is used to manage the cyber security of an organisation, by following the steps of the framework. The first step is creating a culture within the organisation that can manage cyber security risks (NIST, 2018). The second step is creating security measurements to protect critical services (NIST, 2018). Step three is creating systems and procedures to identify cyber security incidents (NIST, 2018). The fourth step is correctly responding to the incident (NIST, 2018). The fifth step is creating resilience for future incidents and recover to the situation before the incident (NIST, 2018). This framework is helpful to assess current cyber security contexts and search for

14 possible improvements of the cyber security of an organisation (Ibrahim et al., 2018). However, this framework assesses the implementation of cyber security in organisations at a high-level (Ibrahim et al., 2018). The NIST framework provides guidelines and standards for cyber security. This does not suit the approach of this research, which is to be less abstract and increases the in-depth knowledge about the cyber security within the smart city concept. In addition to the NIST framework, there are more cyber security frameworks that provide guidelines and standards. According to Ibrahim et al. (2018, p.5184) other frameworks are for example;

• Committee of Sponsoring Organizations of the Treadway Commission (COSO) • CouncilonCyberSecurityTop20 Critical Security Controls (CCSCSC)

• ISF Standard of Good Practice (SoGP)

• ETSI Cyber Security Technical Committee (TC Cyber)

• North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) version 5

These frameworks have the same shortcomings as the NIST framework, but they are rather generic and provide guidance instead of clear criteria, which is needed during this research. However, the NERC-CIP can be interesting due to its focus on critical infrastructures.

The NERC-CIP version 5 is affective since 2015 and is a framework that focusses on critical infrastructures and mainly on electric infrastructures (Christensen, Martin, Gantumur & Mendrick, 2019). NERC-CIP consists of 11 standards (Ruland, Sassmannshausen, Waedt & Ziviv, 2017). These standards cover a wide range of cyber security related topics, such as personnel & training, incident reporting and response planning, and information protection (NERC, 2019; Ruland et al., 2017). The NERC-CIP framework describes that these standards needs to be implemented but does not say how it need to be done. Therefore, the generic character of the NERC-CIP does not suit the purpose of this research.

Another framework that can be applied within the cyber security field is the Resilience Matrix Framework. This framework is a combination between the NCW doctrine for warfare and the NAS framework for disaster resilience (Linkov et al., 2013b). The Resilience Matrix Framework consists of four domains and four stages (Linkov et al., 2013a). The domains originate from the Network-Centric Warfare (NCW) doctrine. This doctrine does not relate to cyber security, but to information security. The purpose of this doctrine is to create situational awareness amongst individuals in a combat environment (Linkov et al., 2013b). The doctrine

15 consists of four domains: the physical domain, informative domain, cognitive domain, and social domain (Linkov et al., 2013b). The physical domain consists of technologies that translate observations into information for the information domain. This domain is used to process the input and store this information. The cognitive domain makes sense of the output of the information domain. The last step of the doctrine is to share the cognitive knowledge with others in the social domain (Linkov et al., 2013a). The Resilience Matrix tries to distinguish these four domains also in cyber security related incidents.

However, the NCW doctrine is not sufficient on its own. The matrix also uses the four stages of the National Academy of Sciences (NAS) framework for resilience: plan/prepare, absorb, recover, and adapt (Linkov et al, 2013a). The NAS framework originates from disaster resilience (Linkov et al, 2013b). The planning and preparing stage is the basis of resilience during an event, disaster or cyber-attack. Absorbing the situation is important for critical parts of the systems to keep functioning, while affected parts are being contained. After this stage comes the recover, when everything goes back to the pre-event situation. It is important to learn from events, disasters or attack in order to be resilient. This is done during the adaption stage (Linkov et al, 2013b). The Resilience Matrix combines the NCW doctrine and the NAS framework into a matrix to assess cyber security in each domain during a full resilience cycle.

The Resilience Matrix focusses on the overall cyber security resilience, in a situation where the cyber security threat is known. As such, this matrix is not applicable to this research, which focusses on the exploration of the cyber security threats of smart cities in the future. Therefore, these two frameworks of the matrix are not suited for this research because they are reviewing existing systems. Little is known about the resilience of smart city systems. These frameworks can be used in a later state, to evaluate the cyber security of operating smart city systems.

Just like the first two frameworks, most frameworks are focused on general cyber/information security. The frameworks are so generic that they can be used for multiple purposes and for multiple situations. However, the security framework of Posthumus & von Solms (2004) is more applied and divides information security into a management side and a governance side. The governance side focuses on the vision, strategy and mission of information security. This division of the information security concept can be applied on the cyber security concept, due to the similarities of both concepts which is mentioned in section 2.1.2. Cyber security. Pardini, Heinisch & Parreiras (2017) also divide cyber security into a governance part and a management part. The management side of cyber security is not relevant for this research, because the focus lies on a single organisation in this part. A city is not just

16 one governmental body; it consists of a network of organisations. Especially in the critical infrastructures, the utility companies, local government, and national government are working together. This division is a good starting point, however solely using this subdivision does not help in the assessment of the cyber security of critical urban infrastructures in smart cities.

An operationalisation of the risks for smart grids is made and divided in four vulnerability categories: “Actions of People, System and Technology failures, Failed Internal Processes, External events” (Pardini et al., 2017, p.388). These categories are in line with the vulnerabilities of Kitchen and Dodge (2019). They distinguish five types of cyber security vulnerabilities of smart city technologies: software, hardware, complexity, domino effect, and humans (Kitchin & Dodge, 2019). The first three vulnerabilities categories of Pardini et al. correspond with the vulnerabilities of Kitchin and Dodge. The only difference is the external events category. These categorisations of cyber security vulnerabilities are possible gateways into smart city systems, better known as attack vectors. The definition of an attack vector is: “the channel, mechanism or path used by an attacker to conduct an attack or to attempt to circumvent system controls” (Roberts, 2007, p.14).

In addition to the attack vectors, Rehman & Gruhn, (2018) also divide the cyber security into three layers: physical, network, and application. The physical layer is the part of a system that is in direct contact with the world outside of the system. An example is a camera in the context of a smart city. The application layer is the interaction layer between the user and the systems, for example the app on a mobile phone for regulating the lights in a house. Between these two layers is the network layer that transports information between both layers (Petrolo, Loscrì & Mitton, 2017). Examples within this layer is a server for a smart city system (Rehman & Gruhn, 2018). This division divides the vulnerabilities of smart city systems on a higher level than the previous mentioned attack vectors. The frameworks for the vulnerabilities of cyber security are both suitable to use as parts in a framework for this research. However, alone they do not cover enough of the cyber security of critical urban infrastructures in smart cities.

The last cyber security frameworks could provide more body to the previous framework to create a more comprehensive cyber security framework. The focus of the last frameworks is on the criminal intent of cyber-incidents and the modus operandi of cyber criminals. Rehman & Gruhn (2018) list multiple cyber security threats: Eavesdropping, Compromised-Key Attack, man-in-the-Middle Attack, Denial-of-Service Attack, Physical Attack, Unauthorized Access, Radio Frequency Jamming, and Protocol Failures. The list is confirmed and supplemented by other scholars. The list can be extended by the following threats: Spoofing, Malicious code, and

17 Phishing (AlDairi & Tawalbeh, 2017; Jin et al., 2016; Baig et al., 2017). Table 2 explains each attack possibility. These frameworks show the diversity of attacks that attackers could use during a cyber-attack. In combination with parts of the other frameworks these attack frameworks are useful to assess the cyber security of critical infrastructures in smart cities

This section shows that there are multiple ways to assess cyber security. Most of the frameworks overlap slightly with each other, but also show differences in their structure, dimensions, categories, or purpose. The next section is used for the creation of a suitable tailormade theoretical framework for the research of this thesis.

18

TABLE 2:EXPLANATION DIFFERENT CYBER-ATTACKS

Attack Explanation

Eavesdropping Intercepting data traffic (Rehman & Gruhn, 2018)

Compromised-Key Attack Getting an access key to a system (Rehman & Gruhn, 2018)

Man-in-the-Middle Attack Incepting data traffic between two nodes and forwarding false data (Rehman & Gruhn, 2018)

Denial-of-Service (DoS) Attack

Distributed Denial-of-Service (DDos) Attack

Overflooding a system with data for one device (Rehman & Gruhn, 2018)

Overflooding a system with data from multiple devices (Shinde & Parvat, 2016)

Physical Attack An attack on physical assets (Rehman & Gruhn, 2018)

Unauthorized Access Acquiring access to secluded information (Rehman & Gruhn, 2018)

Radio Frequency Jamming Disturbing physical communication lines (Rehman & Gruhn, 2018)

Protocol Failures Disturbances created by triggering protocols that contain a failure (Rehman & Gruhn, 2018)

Spoofing Intercepting data with the aim of copying and unravelling the data before sending it to the receiver (AlDairi & Tawalbeh, 2017)

Malicious code Software that aims to attack and harm other software (Kramer & Bradfiled, 2010).

Phishing “Impersonate trusted reputable party for gaining critical

information” (AlDairi & Tawalbeh, 2017)

2.2.2. Cyber security framework for this research

The previous subsection shows different cyber security frameworks that are not suitable for this research. However, as mentioned in the previous section parts of these frameworks can be used with some alterations, in order to create a cyber security framework that suits the purpose of this research, to explore the cyber security of critical urban infrastructures in smart cities. The framework of this research tries to cover a broad spectrum of the cyber security of smart cities. The framework starts with the purpose of cyber security: controlling, regulating, and safeguarding digital information in cyberspace, according to the previous formulated definition in subsection 2.1.2 Cyber security. Haber & Hibbert (2018) describe the attack chain of a cyber-

19 attacks which aims to disturb the safeguarding of digital information in cyberspace. The attack chain starts with vulnerabilities, such as an attack vector. The second stage is the exploitation of the vulnerability by enabling a cyber-attack. The end result of the attack chain is the corruption of data, which influences the cyber security properties of the data. The scope of the attack chain suits the purpose of this research, it shows the cyber security vulnerabilities of smart city technologies. In addition, it gives insights in which cyber-attacks can be used when these vulnerabilities are exploited. In line with the cyber-attack chain, the framework that suits this research consists of three main pillars: vulnerabilities, cyber-attacks, and cyber security properties.

The first pillar of the framework is the vulnerability pillar. Cyber security vulnerabilities can be assessed in two ways according to the previously discussed frameworks: attack vectors and system layers. In the framework of this research both ways are considered to be sub-pillars of the first pillar. The first sub-pillar is the attack vector pillar. This sub-pillar shows which attack vectors are possible within a smart city system. The dimensions of the vulnerabilities are: software, hardware, complexity, domino effect, human, and external events (Dodge & Kitchin, 2019; Pardini et al., 2017). The second sub-pillar is the system layer pillar. This sub-pillar shows where cyber security threats are located within the system layers of smart cities systems. Again, this pinpoints the cyber security weaknesses of smart city systems. The dimensions of the layers are: the physical, network, and application layer (Rehman & Gruhn, 2018). These three dimensions fit the research topic of this research: critical urban infrastructures in smart cities. The systems of these infrastructures are present in each layer. For example, mobility; physical parts are the traffic lights, the network part is data storage of vehicle accounting, and the application layer is a navigational app. The purpose of the first pillar of this theoretical framework is to assess vulnerable smart city systems and technologies in a broad sense by using the two sub-pillars. This way the chance of overlooking vulnerabilities decreases.

The second pillar of this framework is the cyber-attack pillar. This pillar shows which attack possibilities are more prominent for exploiting vulnerabilities in smart city systems. The dimensions of these attacks are: eavesdropping, compromised-Key Attack, man-in-the-Middle Attack, Denial-of-Service Attack, Physical Attack, Unauthorized Access, Radio Frequency Jamming, protocol Failures, spoofing, malicious code, and phishing (Rehman & Gruhn, 2018; AlDairi & Tawalbeh, 2017; Jin et al., 2016; Baig et al., 2017). Table 2 in the previous section explains each attack type. The second pillars seek to identify the modus operandi of smart city cyber-attackers.

20 The third and last pillar of the framework is the cyber security properties pillar. The last couple of years data protection has become very important, due to data protection legislation (Haber & Hibbert, 2018). The European Union introduced in 2016 the General Data Protection Regulation (GDPR) (European Union, 2016). The GDRP and the Dutch equivalent of it, the ‘Algemene verordening gegevensbescherming’ (AVG), increase the importance of data protection. The third pillar provides insights into the importance of the cyber security properties in critical urban infrastructures of a smart city. As mentioned in subsection 2.1.2, Cyber

security, Lundgren and Möller (2019) define three security properties in the digital domain;

confidentiality, integrity, and availability. These three properties are better known as the CIA triad (Sherman et al., 2018). The CIA-triad is important for the protection of data according to the data protection legislations (Haber & Hibbert, 2018). In addition, the ICT devices in smart cities are part of a cyber-physical system, and their importance is increasing especially in critical urban infrastructures in the hard domain (HSD, 2019). Therefore, an extra cyber security property can be added: authentication (Rehman & Gruhn, 2018). Cyber physical systems are hybrids between cyber networks and physical elements (Mosterman & Zander, 2016). Yan, Qian, Sharif & Tipper (2012) also describe authentication as a requirement, and do not mention availability. The authentication property is the “determination of the true identity of a communication system participator and mapping of this identity to a system-internal principal” (Yan et al., 2012, p.1002). The four cyber security properties, confidentiality, integrity, availability, and authentication are the dimensions of the third pillar.

All the three pillars combined form a theoretical framework for the assessment of the cyber security of critical urban infrastructures in smart cities. This framework explores the Achilles heel of smart cities with enough depth to pinpoint specific weaknesses. In addition, this framework treats the whole attack chain of a cyber-attack. This ensures that other frameworks that prepare organisation for incidents, such as the NIST and NERC, can be used to prevent future cyber incidents. This framework in combination with this research contributes by making an inventory of vulnerabilities before massive smart city systems are implemented. A graphical representation of the theoretical framework is shown in figure 2.

21

22

3. Methodology

This chapter discusses the methodology of the research of this thesis. The methodology chapter starts with section 3.1 Research design, which explains the research design of this thesis. The next section, section 3.2 Data collection, discusses the data collection of this research. This section is followed by section 3.3 Operationalisation, which elaborates the operationalisation of the three key concepts mentioned in chapter 2. Theory. The fourth section of this chapter, section 3.4 Reliability and validity, describes the reliability and validity of the research. This chapter is wrapped up by section 3.5 Limitations, which discusses the limitations of the chosen methodology.

3.1. Research design

The cyber security of smart cities is a rather new research topic and therefore relatively little academic literature is published about it. The most suitable research design for this research is an exploratory research design. Exploratory research is ideal for researching new uncharted research topics where previous research is little or non-existent (Brown, 2011; Patton, 2002).

The data sources are limited, due to the novelty of the research topic. The data is limited to a small amount of research reports and policy documents. However, an increasing amount of people is involved in smart city projects, for research or policy purposes. These people form a great new data source in this field of study. In-depth interviews are needed to extract the knowledge from these experts in the field of smart cities. Not everyone involved in smart cities is suitable to be interviewed for this research. Only a subsection of the entire group is relevant: the subsection specialised in the cross-section between smart cities and (cyber) security. This research uses both the limited amount of policy documents and expert interviews to answer the research question.

The two data sources, in-depth interviews and written documents, are characteristics of qualitative data for qualitative research (Patton, 2002). Furthermore, explorative research is seen as part of qualitative research (Stebbins, 2001). Therefore, the nature of the study of this research is a qualitative exploratory research. In the end, the nature of this research provides two things. Firstly, the outcomes of the research shall provide more knowledge about the cyber security of smart cities. Secondly, the fuzziness surrounding the knowledge gap shall be clearer, and therefore more precise follow-up studies can be formulated.

23

3.2. Data collection

As mentioned in the previous section the data collection consists of two data sources: documents and interviews. The two data sources can be divided into primary source data and secondary source data. The primary source data is collected while interviewing experts in the field of cyber security and smart cities. Subsection 3.2.1 primary source data: Interviews, discusses the primary source data collection. The secondary source data of this research are policy documents of Dutch municipalities and research reports about the cyber security of smart cities. Subsection 3.2.2 Secondary source data: policy document, discusses the secondary source data.

3.2.1 Primary source data: Interviews

Elite interviews are the primary data source of this research. These interviews with experts in the field of cyber security and smart cities complement the knowledge gaps in the academic literature. In addition, the interviews give insights in the most recent developments within the field of smart city technology in the Netherlands. The theoretical framework of this master thesis is used to assess the current and future cyber security of smart city systems in the Netherlands, according to the experts. Each interview is audio recorded and transcribed. All the transcripts of the interviews of this research are excluded from this master thesis. They can be found in a separate non-publishable attachment, in order to preserve the anonymity of the interviewees, which is agreed on before the interview. Each participant of this research has signed a consent form before the interview. The transcripts of the interviews are analysed with the help of a coding scheme. The next section, 3.3 operationalisation, discusses the coding scheme in further detail. The generic findings of the coding scheme are presented in the tables of appendix C.

The style of the interviews is semi-structured because of the complexity of the topic and the limited body of knowledge of the topic. An unstructured interview style is recommended, if the researcher does not have sufficient knowledge about the research topic (Leech, 2002). In this research, the researcher has more than basic knowledge about the topic; therefore, an unstructured interview is not desired. The fully structured interview style is recommended when the knowledge of the researcher is very high and specific questions need to be answered (Leech, 2002). This is also not the case in this research. The researcher needs to collect additional information from the experts, which is not highlighted in the current body of knowledge, and is therefore not an expert himself. Therefore, it is decided to conduct the interviews in a semi-structured way, to obtain knowledge to answer some specific knowledge gaps. The semi-structured

24 part of the interviews consists of nine questions, shown in appendix A. All the interviews lasted approximately between 20 to 40 minutes.

The number of interviewees for this research is eleven. The relative novelty of this research topic limits the number of suitable interviewees. In addition, the sensitivity of a research topic, such as cyber security, also decreases the willingness to participate in an interview. Therefore, it is decided to maximize the possible interviews by not selecting interviewees based on predetermined criteria, such as age, gender, profession and origin. The result is that the interviews are not proportionally divided amongst these criteria. For example, out of the eleven interviewees, only two were female.

All eleven interviewees are involved in smart cities or smart city systems, such as smart grids and smart mobility. The eleven interviewees are divided into four categories based on their profession: interviewees working in academia, interviewees working in the field of security, interviewees working for a Dutch municipality and being involved in smart city or security projects, and interviewees working on smart city project for a research institute. These clusters are made to group similar perspective. This way it is easier to spot perspectives that dominate the data, which can influence the data. The group of academics are selected from two different universities and three faculties to increase the range of perspectives. This research focusses on two of the Dutch universities that are involved with the research within the field of cyber security and smart cities: the Technical University Delft, and the University of Amsterdam. The second cluster consists of professionals working for the Dutch National Police and professionals who are seconded to other organisations on behalf of the Dutch National Police, such an organisation is the Dutch Institute for Technology, Safety & Security (DTISS). The third group consist of two (cyber) security advisors in Dutch municipalities: The Hague and Utrecht. The last cluster consists of two persons working for the Dutch research institute TNO. Table 3 shows the details of the interviews.

TABLE 3:INTERVIEW DETAILS

Number Date Location Profession Duration

#1 12-11-2019 Delft Associate Professor at TPM TU Delft

26:17

#2 05-12-2019 Delft PhD candidate at TPM TU Delft 36:45

25

#4 15-12-2019 Deventer Managing Director national program cooperation criminal law chain at Dutch national police

34:19

#5 16-12-2019 The Hague Strategic Advisor Information Security at TNO

34:54

#6 18-12-2019 The Hague Consultant at TNO 40:36

#7 07-1-2020 Utrecht Program Manager Smart Society at DTISS, seconded from the Dutch national police

44:46

#8 08-01-2020 Amsterdam Strategic Specialist Digital

Transformation at the Dutch national police

39:55

#9 14-01-2020 Utrecht Researcher on the interface between Policy and Operations, Public service and ICT

43:46

#10 20-01-2020 The Hague Strategic Advisor to the CIO of the municipality of The Hague

36:23

#11 30-01-2020 Utrecht Security Advisor of the municipality of Utrecht

35:55

3.2.2 Secondary source data: policy documents

The secondary source data of this research consists of policy documents and research reports regarding smart cities. The policy documents are retrieved from the five biggest cities in the Netherlands (the G5): Amsterdam, The Hague, Utrecht, Rotterdam, and Eindhoven (VNG, 2018). The G5 cities are working on smart city initiatives and are committed to the ‘NL Smart City Strategie’ (HSD, 2016). This strategy is made to align the vision of smart cities within the involved organisations in the Netherlands, mainly governmental bodies. Within this strategy each G5 city is given the responsibility to research a specific aspect of the smart city. The city of Eindhoven is responsibility for the smart mobility theme. The Hague is responsible for safety and security within the smart city. The healthy urban living theme is the responsibility of Utrecht. The theme of the city of Amsterdam is circularity within the smart city. The last theme of the strategy is sustainability, which is given to Rotterdam. (VNG, 2018). In addition, policy documents and reports of organisations closely involved in the smart city initiatives in these

26 cities are also reviewed. These organisations are: The Hague Security Delta, and VNG. All the secondary source documents are open source documents.

The content of the documents is analysed in the same manner as the interviews. This research is looking for the contradictory or confirming messages in both the interviews and documents. The analysis of the content shows the same characteristics as the interviews. Both use a coding scheme to filter out certain messages from the text (Stemler, 2001). Therefore, the coding scheme of the interviews and content analysis are the same. Subsection 3.3.2 coding

Scheme of the data, elaborates the coding scheme in further detail.

3.3.

Operationalisation

The operationalisation of this research consists of indicators that are related to the sub-questions of this research. Subsection 3.3.1 Indicators discusses these indicators that are used to analyse the data sources. A coding scheme is made for the analysis of the data of this research. Subsection 3.3.2 Coding Scheme of the data explains the structure of the coding scheme.

3.3.1. Indicators

The indicators of this research consist of recognizable elements of the sub research questions and the theoretical framework. This research uses six indicators. The first two indicators are: 1) the advantages and 2) disadvantages of smart city systems. All the positive and negative statements about the smart city are considered to be part of these indicators. Sub-indicators are not applicable for these two indicators, because the difference between an advantage and a disadvantage is quite clear. The next three indicators are based on the theoretical framework of this research. The dimensions of the framework are the same as the dimensions of the indicators. The indicators are: 3) importance of cyber security properties, 4) cyber security vulnerabilities, and 5) the possible cyber-attacks. The fourth indicator has two sub-indicators that correspond with the system layer and attack vector sub pillars of the theoretical framework. The fifth indicator concerning the possible attacks on smart city systems does not have dimensions. Although the framework mentions dimensions within this pillar, it is decided to leave them out due to the fact that there are numerous kinds of cyber-attacks and that there are too many to list them all. However, they are still signal words for this indicator. The sixth indicator is a prediction of the cyber security level of smart cities. There are three predictions possible: the level stays the same, the level increases or decreases. Therefore, these three options are considered the dimensions of the sixth indicator. All the indicators, sub-indicators and dimensions of this research are shown in table 4.

27

TABLE 4:OVERVIEW OF THE INDICATORS, SUB-INDICATORS AND DIMENSIONS OF THIS RESEARCH. Mean indicator Sub-indicator Dimension Advantages of smart city systems N/A N/A

Disadvantages of smart city systems N/A N/A

Importance of the cyber security properties N/A Confidentiality Integrity Availability Authentication

Cyber security vulnerabilities of smart city System Physical Network Application Attack vector Software

Hardware Complexity Domino-effect Human

External event

Possible cyber-attacks on smart city systems N/A N/A

Prediction of the cyber security level in smart cities N/A Increase Decrease Unchanged

3.3.2. Coding Scheme of the data

The coding scheme of the interviews consists of the different indicators mentioned above. Each indicator is assigned to a particular colour in order to mark related statements in the transcripts of the interviews. The cyber security vulnerabilities of smart cities indicator consist of two sub-indicators: the attack vectors and the system layers. It is decided to combine them because they both relate to cyber security vulnerabilities. The coding scheme consists of two parts: the indicator, as mentioned above, and the matching dimensions. These dimensions are used to identify statements that are related to the codes. An extra code is added in the scheme to highlight useful or interesting information, but which is outside of the scope of the indicators. This code is named extra information. The scheming code is shown in table 5 in appendix B.

28

3.4.

Reliability and validity

The research design of this thesis is setup in such a way that the reliability and validity of the research is guaranteed. Both the validity and the reliability are important aspects and must be taken into account in the research design. The reliability determines to what extent the research outcomes stay the same when the study is repeated at another moment in time (Kirk & Miller, 1986, p.18). The validity says something about the correctness of the outcomes of the research (Kirk & Miller, 1986, p.18). The validity of this research is split into three kinds; construct validity, internal validity, and external validity. Subsection 3.4.1 Construct validity discusses the construal validity of this research. Next, subsection 3.4.2 Internal validity explains this research internal validity. The external validity of this research is discussed in subsection 3.4.3 External validity. Finally, subsection 3.4.4 reliability discusses the reliability of this research.

3.4.1. Construct validity

Construct validity is the extent to which the dimension of the observed outcomes is the same as the, at forehand, expected outcomes (Markus & Lin, 2012). The construct validity of this research is guaranteed through the interviews. The first interviewee question is; the definition of a smart city according to the interviewee. The result of this question is that it is a quick check if the interviewee uses the same definition of a smart city as this research uses. In addition, it also helps to compare particular perspectives with each other. Another measurement to increase the construct validity of this research is explaining the research and the purpose of the research before the start of the interview.

3.4.2. Internal validity

Internal validity is the extent to which the observed phenomenon can be attributed to measured variables (Broniatowski & Tucker, 2017), in this case: the smart city. Therefore, it is important to isolate the influence of the smart city on the cyber security of critical urban infrastructure. The internal validity of this research is embedded in the research itself. This research attempts to find the direct influence of the smart city on the cyber security of critical urban infrastructures. The ‘pre-smart-city’ cyber security level is being compared to the cyber security level after the implementation of a smart city.

3.4.3. External validity

External validity is the extent to which the outcomes of the research can be generalised to other cases (Broniatowski & Tucker, 2017). The theoretical framework of this research can be used to assess other projects where smart technologies are implemented into a critical infrastructure. Therefore, the external validity of the framework shall be sufficient. However, the external

29 validity of the outcomes of the analysis of this research is not sufficient. The conclusions of the analysis are only applicable on the case of smart cities and critical urban infrastructures.

3.4.4. Reliability

Reliability of research is the repeatability and constancy of the research if it is conduct in a similar way (Hernon & Schwartz, 2009). The research design of this research tries to make this research as reliable as possible. An important part of this is the justification of the research choices. Each research choice is going to be justified in a clear manner. In addition, it is also important to describe how the research is done. This thesis describes the construction of the theoretical framework and the analysis in a detailed manner, in order for other researchers to repeat the study. However, the literature study of this thesis can influence the reliability of this research. There is a chance that some literature is overlooked in this study or that literature is not written in English or Dutch and therefore not included. The use of the secondary data is an attempt to reduce this chance.

3.5. Limitations

The research design of this research has its limitations. The explorative component of this research is based on estimates of future developments in the field of cyber security and smart cities. However, these developments are estimated from the present future perspective. In this way the near future is more predictable, because the starting point of the scenario is based on the current situation. It is more difficult to predict beyond the foreseeable future.

The use of interviews entails another limitation: the biasness of the outcomes of the interviews (Beamer, 2002). It is hard to fully eliminate biased outcomes from an interview. The research design of this thesis tries to minimalize biased outcomes by interviewing at least two experts from the same field of expertise, using the same semi-structured interview questions in each interview, and by taking into account the perspective of the interviewees during the analysis of the interviews.

The last limitation is the willingness of the interviewees to talk about security sensitive topics. Security experts do not want to reveal their modus operandi for securing critical infrastructures. This limitation cannot entirely be avoided. However, this research tries to avoid the direct question about the modus operandi of these organisations and focuses more on the impact than on the technical security measurements. Furthermore, the transcripts of the interviews are made completely anonymous and are not being published.

30

4. Analysis

This chapter discusses the analysis of the expert interviews, and documents. The data of the interviewees and documents are analysed with the framework constructed in subsection 2.2.2.

Cyber security framework of this research, and the current academic body of knowledge.

Therefore, the usefulness of the constructed framework comes to light. During the analysis four findings came forward. Section 4.1 Increasing risks, discusses the increasing risks due to the increase in smart city technology. The following section, section 4.2 Complexity and humanity:

the weakest link, explains the vulnerabilities of smart city systems from both a system layer and

an attack vector perspective. Section 4.3 No limits to the attacks, discusses which cyber-attack poses a threat to the smart city. The last section, section 4.4 The everlasting arms race, explores the future of the cyber security of smart cities. The quotes in the analysis with ‘Transcript’ as source are from the separate transcript attachment of this research.

4.1. Increasing risks

The implementation of smart cities has both advantages and disadvantages. From a cyber security perspective however, there are only disadvantages (interviewee 1, Transcripts, p.2). The expert interviewees expect an increase in cyber security risks when smart city technologies are implemented. All the cyber security risks that are mentioned by the interviewees can be divided into two categories: system security risks and privacy risks. The privacy concerns are actually data privacy issues, which are part of the cyber security of smart city systems (Khatoun & Zeadally, 2017). Therefore, privacy risks can be seen as a form of cyber security risks. Privacy is defined as: “the ability of an individual to be left alone, out of public view, free from surveillance or interference from others (individuals, organizations or the state) and in control of information about himself” (Bojanić et al., 2012, p.92). The theoretical framework of this research can be used to label the cyber security properties. This relates to the aspect of privacy in which data cannot be seen by other parties besides the data owners themselves. The third pillar of the framework, cyber security property, consists of four properties: confidentiality, integrity, availability, and authentication. The cyber security property that secures privacy is confidentiality. However, the concepts of privacy and confidentiality cannot be used interchangeably; they are not the same (Bojanić et al., 2012). Confidentiality of data is required to secure the privacy of people, information, and stakeholders within a smart city (Luo, Ren, Hu, Wu & Lou, 2017). Therefore, privacy related issues are problems with the protection of the confidentiality of data of smart city systems.