Smart City Cyber Security

Cyber Security for the development of Smart Cities

  • Photo by Tyler Lastovich on Pexels.com

    This week I attended the MOVE conference, held at Excel London, which was an event focusing on the future of mobility. The conference brought together leading experts, innovators, and thought leaders from various industries, including transportation, technology, and urban planning. The event focused on solutions for transportation challenges in an increasingly connected world. Overall, I was impressed with the few hours I had to walk around and speak to vendors I was interested in. I didn’t find any companies dealing specifically with semantic solutions for smart city mobility which would have been nice.

    MOVE conference featured speeches, panel discussions, and interactive sessions. The topics covered a wide range of subjects, including electric and autonomous vehicles, smart cities, mobility-as-a-service (MaaS), urban air mobility, and sustainable transportation solutions.
    The conference also had a wide range of discussions on the integration of emerging technologies like artificial intelligence, Internet of Things (IoT) in transforming the way people and goods move within cities and across regions.

    Here is a link to the MOVE Conference website as they may provide information on the speakers and sessions held this week.

  • Photo by Tyler Lastovich on Pexels.com

    To follow on from the previous post, an application ontology is a structured representation of knowledge within a specific application domain. It captures the concepts, relationships, and properties relevant to the domain and provides a common understanding of the data and its context. If we consider the broad Risk and Threat Domains application ontologies are able to focus on very specific areas within these domains. Here are three example Use Cases of where Application Ontologies can provide decisions support.

    1. Risk, Situation Awareness and Contextual Dependency:
      The interpretation and significance of an incident depend on the specific context in which it occurs. The same event may be considered an incident in one situation while being considered normal in another.
    2. Threat Observations and Indicators:
      Incidents can be observed, detected, or reported through various means such as monitoring systems, sensors, human observation, or incident response mechanisms. The ability to understand the meaning of certain Indicator types to detect and respond to incidents is crucial for managing and mitigating their effects.
    3. Incident Response:
      Incidents often trigger an incident response process aimed at identifying, analysing, containing, and resolving the issues caused by the incident. Incident response involves various actions, such as investigation, containment, recovery, and preventive measures to minimise the impact and prevent future incidents.

    Application Ontologies will help to focus and restrict Smart City Cyber Security Decision making. Here are some examples of competence questions they will need to cover:-

    1. What are the critical assets and infrastructure within a smart city that require security measures?
    2. What are the potential threats and risks faced by a smart city in terms of cyberattacks, physical security breaches, and other security incidents?
    3. What are the vulnerabilities and weaknesses in the smart city’s technological systems and networks?
    4. What are the security controls and countermeasures in place to protect the smart city’s assets and infrastructure?
    5. How is access control managed within the smart city, including authentication, authorisation, and secure communication?
    6. What are the incident response procedures and protocols for detecting, mitigating, and responding to security incidents in a smart city?
    7. How is data privacy and protection ensured within the smart city, including handling personal and sensitive information?
    8. What are the compliance requirements and regulations that the smart city must adhere to in terms of security and privacy?
    9. How are security risks and threats assessed and evaluated within the smart city, including risk management processes?
    10. How is security awareness and training provided to individuals and organisations operating within the smart city ecosystem?
    11. How are security audits and assessments conducted to identify potential vulnerabilities and gaps in the smart city’s security measures?
    12. What are the partnerships and collaborations established with external entities to enhance the security posture of the smart city?
    13. How is ongoing monitoring and surveillance carried out to detect and respond to emerging security threats and risks?
    14. How is physical security addressed within the smart city, including surveillance systems, access controls, and emergency response plans?
    15. What are the best practices and lessons learned from previous smart city security incidents and implementations?
  • Photo by Tyler Lastovich on Pexels.com

    Part of this POC is to understand how Domain Ontologies such as a Smart City Ontology – and there are a few now in the public domain – can work with specific Application Ontologies such as a Smart City Cybersecurity Ontology. To do that I need to build up particular Competency Questions to help define each ontology and also how they work together. In the process of researching this topic I came across an excellent Blog called:

    Keet blog – research and teaching, with some relevance for society

    I don’t know why I had not come across it before because the Author – Maria Keet – also produced the ebook – An introduction to ontology engineering. It is a great resource and one I am part way through. There is a section devoted to Competence Questions and see this post – Only answering competency questions is not enough to evaluate your ontology

    Whilst the previous paragraph includes a link to say competence questions are not enough I will outline how competency questions play a role in my POC ontology development and their key benefits:

    • Clarifying requirements
      Competency questions help to identify and clarify the specific information needs and requirements of users and user roles. By formulating questions about the domain or application, users can articulate what information they need from the ontology and stakeholders can manage the development and changes..
    • Guiding ontology design
      Competency questions provide guidance for designing the ontology structure and content. A Smart City is very diverse and an ontology could become very large if not controlled. It should aim to define the key concepts, relationships, and properties that need to be modelled in the ontology to answer the questions effectively.
    • Scope definition
      Competency questions help define the scope of the ontology by specifying the domain or application areas that need to be covered. They provide a clear understanding of what aspects of the domain or application are relevant and should be included in the ontology.

    Here is my initial list of competence questions for a Smart City Ontology:

    1. What are the key components and infrastructure of a smart city?
    2. How are the different elements of a smart city interconnected and dependent on each other?
    3. What are the various domains and sectors addressed within the smart city context?
    4. What are the specific goals and objectives of a smart city initiative?
    5. What are the key stakeholders involved in the planning, implementation, and management of a smart city?
    6. What are the main challenges and barriers faced in the development and operation of a smart city?
    7. What are the technological solutions and innovations utilised in a smart city?
    8. What are the potential benefits and impacts of a smart city on society, the economy, and the environment?
    9. How are data and information managed, secured, and shared in a smart city environment?
    10. What are the policies, regulations, and standards governing the operation and privacy aspects of a smart city?
    11. What are the key performance indicators and metrics used to measure the success and effectiveness of a smart city implementation?
    12. How can a smart city be resilient and adaptable to changing circumstances and emerging technologies?
    13. What are the ethical considerations and social implications of implementing a smart city?
    14. How can community engagement and citizen participation be integrated into the development and decision-making processes of a smart city?
    15. What are the potential risks, vulnerabilities, and threats associated with a smart city infrastructure and services?
  • Photo by Tyler Lastovich on Pexels.com

    I am designing a range of domain ontologies which will cover subjects like Risk, Threat, Vulnerability and Asset specifically for Application Ontologies that support Smart City Cybersecurity requirements. The scope of this is as follows:

    Domain Ontology: A domain ontology captures the fundamental concepts, relationships, and properties of a particular domain. It represents the shared understanding of the domain and provides a common vocabulary for describing entities and their relationships. Domain ontologies are often generic and can be reused across multiple applications within the same domain. They serve as a foundation for building application-specific ontologies.

    Application Ontology: An application ontology focuses on a specific application within a given domain. It extends and customises the concepts and relationships defined in the domain ontology to address the specific requirements and characteristics of the application. Application ontologies incorporate domain-specific knowledge and terminology, and they can further refine or specialise the concepts to align with the application’s context and goals.

    1. Alignment and Integration:
      Domain and application ontologies are aligned and integrated to create a coherent knowledge representation. The application ontology builds upon the domain ontology, inheriting its concepts and relationships, and extends or specializes them as needed. This alignment ensures consistency and interoperability between different applications within the same domain.
    2. Customisation and Contextualisation:
      The application ontology tailors the concepts and relationships to match the specific requirements, scope, and objectives of the application. It considers the unique characteristics, processes, and data models associated with the application domain. This customisation allows the application ontology to provide a more precise and relevant representation of knowledge for the specific application context.
    3. Data Integration and Interoperability:
      The alignment of domain and application ontologies enables seamless data integration and interoperability. Data from different applications within the domain can be mapped to the shared ontology, ensuring consistency in data representation and facilitating data exchange and integration. The common vocabulary provided by the ontologies allows applications to understand and interpret data from diverse sources, enhancing semantic interoperability.
    4. Consistency and Standardisation:
      The use of ontologies promotes consistency and standardisation in data modelling and representation. By aligning with the domain ontology, application ontologies ensure that entities and relationships are consistently defined and named across different applications. This consistency enhances data quality, facilitates data governance, and enables effective knowledge sharing and collaboration.
    5. Knowledge Sharing and Reusability:
      Domain and application ontologies promote knowledge sharing and reusability. They provide a shared vocabulary and conceptual framework that enables stakeholders to communicate and collaborate effectively. The ontologies capture domain-specific knowledge and make it explicit, allowing experts to share their expertise and contribute to a collective understanding. The reusability of domain ontologies across multiple applications within the same domain also saves time and effort in ontology development.

    In summary, domain and application ontologies work in tandem to provide a comprehensive and tailored representation of knowledge within a specific domain and application context. They ensure consistency, interoperability, and standardisation, enabling effective data integration, knowledge sharing, and collaboration among users and stakeholders.

  • Photo by Tyler Lastovich on Pexels.com

    Following on from the previous article, Domain ontology are supported by application ontology and work together to provide a comprehensive and context-specific representation of knowledge within a specific domain and its corresponding application.

    Application ontologies provide a particular solution by facilitating data integration, knowledge sharing, and semantic interoperability within cybersecurity knowledge and operations capability. This article explores the concept of application ontologies, their benefits, and their role in enhancing data-driven security applications.

    What are Application Ontologies?

    An application ontology is a structured representation of knowledge within a specific application domain. It captures the concepts, relationships, and properties relevant to the domain and provides a common understanding of the data and its context. Application ontologies are typically built using ontology languages like RDF (Resource Description Framework) or OWL (Web Ontology Language), enabling machine-readable representations of knowledge.

    Uses of Application Ontologies:

    1. Data Integration:
      Application ontologies enable seamless data integration by providing a shared vocabulary and standardising data representation. Different applications can leverage the ontology to align and harmonise their data models, facilitating efficient data exchange and integration across systems. This integration capability enhances data completeness, consistency, and accuracy, leading to improved data-driven insights.
    2. Knowledge Sharing:
      Application ontologies facilitate knowledge sharing by capturing the semantics and relationships between domain concepts. By establishing a common language, ontologies enable effective communication and collaboration among stakeholders. Experts from various domains can leverage the ontology to share their expertise, annotate data, and derive meaningful insights from complex datasets.
    3. Interoperability:
      Application ontologies enhance semantic interoperability by enabling machines to understand and reason about data across different applications. By providing a formal representation of knowledge, ontologies bridge the gap between diverse data sources and enable seamless integration and analysis. This interoperability is particularly valuable in scenarios involving heterogeneous data environments and complex data integration requirements.
    4. Contextual Understanding:
      Application ontologies capture the contextual information associated with data, enabling a deeper understanding of its meaning. The ontology specifies the domain-specific concepts, their properties, and relationships, providing a rich context for data interpretation. This contextual understanding enhances the accuracy and relevance of data analysis and decision-making processes.
    5. Data Governance and Quality:
      Application ontologies play a crucial role in data governance and quality management. By enforcing standardised terminology, ontologies ensure consistent data labelling, categorisation, and representation. This consistency improves data quality by reducing errors, redundancies, and inconsistencies. Additionally, ontologies facilitate data lineage and provenance tracking, enhancing data governance and compliance with regulations.
    6. Scalability and Flexibility:
      Application ontologies are designed to be scalable and flexible, accommodating evolving domain requirements. They can be extended or refined as new concepts or relationships emerge, enabling the ontology to grow and adapt to changing needs. This scalability and flexibility future-proof the ontology and support the integration of emerging technologies and data sources.
    7. Machine Understanding and Automation:
      Application ontologies enable machines to understand and interpret data in a meaningful way. With a well-defined ontology, machines can automatically reason about data, infer new knowledge, and facilitate automated decision-making processes. This machine understanding and automation increase the efficiency and effectiveness of data-driven applications.

    Application ontologies provide a powerful framework for enhancing Smart City data integration, knowledge sharing, and semantic interoperability. By capturing the City domain-specific concepts, relationships, and properties, cyber security ontologies will be able to enable data integration, improve data quality, and enhance contextual understanding. They play a crucial role in enabling effective security information and event processing and triage, workflow and playbook collaboration during incidents, and supporting machine understanding and automation. Application ontologies offer a valuable tool to extract greater value from data assets.

  • Photo by Tyler Lastovich on Pexels.com


    As the Smart City threat landscape continues to expand, it has become increasingly important to employ effective strategies that maximise our understanding of the data we produce. One such strategy is the use of domain ontologies, which play a crucial role in enhancing cybersecurity knowledge and decisions making efforts. I will explore the significance of domain ontologies in the context of cybersecurity and how they contribute to improving threat detection, incident response, and overall resilience.

    1. What are Domain Ontologies:
      Domain ontologies are structured representations of knowledge specific to a particular domain or industry. They capture the concepts, entities, relationships, and rules that govern a given domain, providing a shared understanding and standardized vocabulary. In the context of cybersecurity, domain ontologies serve as formal models that represent the various aspects of the digital landscape, including systems, networks, vulnerabilities, threats, and security controls.
    2. Enabling Threat Intelligence:
      Domain ontologies facilitate the integration and analysis of diverse cybersecurity data sources, enabling the generation of actionable threat intelligence. By formalising the representation of threats, vulnerabilities, and attack patterns, ontologies enhance the ability to detect and respond to cyber threats. They enable the correlation of events, identification of attack patterns, and prediction of future threats based on historical data. This leads to more accurate and timely threat detection, allowing organisations to proactively address security risks.
    3. Supporting Incident Response:
      During a cybersecurity incident, efficient and effective response is critical to minimise the impact and mitigate further damage. Domain ontologies contribute to incident response by providing a common framework for incident reporting, analysis, and decision-making. By representing incident-related concepts, such as indicators of compromise (IOCs), attack vectors, and affected assets, ontologies help in understanding the scope and severity of an incident. This enables faster and more accurate decision-making regarding incident containment, mitigation, and recovery.
    4. Enhancing Security Operations:
      Domain ontologies are valuable in security operations, such as security monitoring, vulnerability management, and access control. They enable the development of context-aware security analytics by incorporating domain-specific knowledge into security systems. Ontologies can be used to model and reason about security policies, access privileges, and user roles, improving the accuracy and effectiveness of security controls. This leads to better identification of anomalies, more targeted vulnerability assessments, and improved enforcement of access rules.
    5. Promoting Interoperability and Collaboration:
      Domain ontologies provide a common language and shared understanding across different stakeholders in the cybersecurity ecosystem. They facilitate interoperability and seamless information exchange between security products, tools, and platforms. Ontologies enable the integration of diverse data sources, such as logs, threat intelligence feeds, and vulnerability databases, fostering collaboration and collective defence against cyber threats. Moreover, ontologies can be shared across organisations and communities, fostering a collaborative approach to cybersecurity.

    Smart City domain ontologies will emerge as valuable assets in the realm of cybersecurity. By capturing domain-specific knowledge, relationships, and rules, they enhance threat intelligence, incident response, and security operations. The use of ontologies promotes standardisation, interoperability, and collaboration, enabling organisations to build more robust and resilient cybersecurity defenses. As the cyber threat landscape continues to evolve, domain ontologies will play an increasingly crucial role in helping organisations stay ahead of adversaries and safeguard their digital assets.

  • Photo by Tyler Lastovich on Pexels.com

    Smart cities are transforming urban landscapes around the world, leveraging the power of the Internet of Things (IoT) to improve efficiency, sustainability, and the quality of life. In this post, I will explore the diverse range of IoT device domains that will form domain ontologies to support cyber security monitoring and detection.

    1. Smart Sensors Domain:
      Smart cities rely on a multitude of sensors deployed throughout the urban environment. These sensors encompass a wide variety of functions, including environmental monitoring, traffic management, waste management, and public safety. Examples include air quality sensors, temperature and humidity sensors, noise sensors, water quality sensors, and smart parking sensors. These devices collect real-time data, enabling city officials to make informed decisions and optimise resource allocation.
    2. Connected Infrastructure Domain:
      IoT devices play a crucial role in managing and optimising various infrastructure systems in smart cities. This includes smart streetlights that adjust their brightness based on ambient light conditions or the presence of pedestrians, smart grids that monitor and regulate electricity consumption, and water management systems that detect leaks and manage water usage efficiently. Connected infrastructure devices enable cities to reduce energy consumption, improve operational efficiency, and enhance sustainability.
    3. Intelligent Transportation Systems Domain:
      IoT is revolutionising transportation in smart cities through connected vehicles and intelligent transportation systems. From traffic monitoring and congestion management to real-time transit information and smart parking solutions, IoT-enabled devices are transforming the way people move within urban areas. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication systems enhance safety, optimise traffic flow, and enable efficient transportation planning.
    4. Smart Buildings Domain:
      IoT devices are extensively used in smart buildings to enhance energy efficiency, occupant comfort, and security. Building automation systems leverage sensors and actuators to regulate temperature, lighting, and ventilation based on occupancy and environmental conditions. Smart meters monitor energy usage and enable efficient energy management. Connected security systems provide real-time surveillance and access control, ensuring the safety of residents and assets.
    5. Energy Management Domain:
      Efficient energy management is a crucial aspect of smart cities to power homes, transport and critical services. IoT devices monitor energy usage levels and optimise generation and supply, reducing operational costs and improving management. These devices employ sensors and connectivity to notify energy management personnel of energy supply, demand and consumption patterns.
    6. Public Safety and Emergency Management Domain:
      IoT devices contribute significantly to public safety and emergency management in smart cities. Smart surveillance cameras with video analytics capabilities enhance monitoring and enable rapid response to potential security threats. Connected emergency response systems provide real-time alerts and facilitate coordinated responses during emergencies or natural disasters. Wearable devices and personal safety apps ensure the well-being of citizens by enabling quick communication and location tracking.

    The range of IoT devices deployed in smart cities is vast and continually expanding, encompassing sensors, infrastructure systems, transportation solutions, buildings, energy management, and public safety applications. These devices are interconnected, collecting and exchanging data on a 24/7 basis. To control this diversity and frequently changing architecture a Smart City will use domain ontologies to help improve cyber security monitoring and detection.

  • Photo by Tyler Lastovich on Pexels.com

    The increasing development of cyber-physical technology in a smart city means an equal increase in the threat landscape and risk of cyber attack. The UK Government has recently published an interesting paper on the vision of cyber-physical infrastructure. This PDF covers the diverse range of capabilities offered by cyber-physical technologies including some interesting semantic topics such as Semantic Maps in section 2.1.5

    This vast new landscape will generate a huge amount of data and events, and a major job for City Security is to determine if security events and incidents that occur in apparent isolation or randomness may have something in common and a related objective. This challenge is made more difficult by the diversity of events and incidents in the different city domains and by the fact the domains are now so interconnected. Cloud services and communications technologies are increasingly bridging Industrial Control, Building Control, Edge and IOT devices.

    Smart City technologies will generate vast amounts of data as they go about processing the tasks they are developed to do. At the local level or edge domain, technologies will interact with physical environments supporting citizens, vehicles, infrastructure etc through sensors or connectivity. In the Cloud domain, technologies will collect and process events and transactions and then share output and outcomes back the edge or across multiple Cloud service platforms.

    So how do we begin to process and analyse all of this data and these disparate events? Well, one starting point is to use threat scenarios and threat models, that work across a Mitre Kill Chain process, to help to identify common characteristics and associations.

    This new Proof of Concept (POC) I am developing will use a range of smart city ontologies, standards and cyber security ontologies to help analyse a series of threat scenarios and threat models for the diverse set of smart city technology domains. The POC will build up the means to use semantic decision support techniques to help situational awareness and threat qualification. This decision support will use machine learning and reasoning engines to make projections and inferences about outcomes and courses of action.

    The POC will be developed using Protege and Stardog so that new or existing ontologies can be tailored or prepared to be structured as RDFS and then uploaded into the Stardog platform so that they can integrate with a variety of data sets and virtual graphs. The Stardog platform allows the development of specific and virtual knowledge graphs, machine learning through the training of data sets and a reasoning engine to infer new knowledge outcomes.

    During the development of the POC, I aim to deliver on 3 objectives:-
    1] Build the necessary collection of semantic capabilities to support knowledge graph development, property graph integration and analysis methods of cyber security data.
    2] Identify the right data sets to train with machine learning and integrate those results with ontological models to make associations and inferences to support situation awareness and risk management.
    3] Integrate virtual graphs developed from associated reference data to extend the ontological meaning and reasoning of threat scenarios, events and anomalies.

    If you are interested in looking at other semantic technologies and their capabilities i recommend a fantastic resource on Youtube – IsA Data Thing by Ashleigh Faith, where she reviews a range of applications and offers very good advice.

  • Photo by Tyler Lastovich on Pexels.com


    In 2019/2020 I designed and built a proof of concept for Smart City digital twins, smart city ontologies and smart city cyber security threats between connected vehicles and city infrastructure. The project used smart city domain ontologies for vehicles and city infrastructure in an attempt to build knowledge graph representations of asset-to-asset threats and make associations or inferences of possible outcomes. The ontologies were built using Protege, data was built up in CSV format and the ontologies and data were ingested and analysed by Neo4j Bloom and the Nesosemantic Plugin. I put a PDF overview of the project on this blog.

    In 2022 I am about to revise and update the themes and create a second Proof of Concept project using new ontologies, new data types and new technologies. This time I will develop the POC in Stardog. I also plan to update the Neo4j POC with the new ontologies and data models. Again the theme of this new POC is to look at the application of ontologies to support the analysis of smart city domains and cyber security threats. In addition to the design of the POC, I also plan to see how the emerging Smart City Ontology Standards – as per the symposium – can help in the approach.

  • Photo by Tyler Lastovich on Pexels.com

    Last week i attended the online Smart City Ontology webinar which was arranged over the 22nd and 23rd of September 2022. Here is a link to the Agenda and hopefully, at some point, the recordings or the presented papers will be available. Presentations were provided by several of the Standards working groups and detailed specific project updates, key challenges, development methods and ontology models. These ontology models covered Upper Layer ontologies, vertical and horizontal domain-specific ontologies and general ones. I had hoped to see some demonstrations of ontology applications with various technologies and platforms but that did not happen. To me the most useful presentation was a project-specific one on the Pallas Organisation and the development of a nuclear power plant in the Netherlands. This gave an interesting insight into how ontologies had been used to support design functions.

    Whilst there was no indication of who was in attendance it was mentioned that over 400 people had registered for the event. This implies a keen interest in the topic and development of Smart City Ontologies.