Risk Analysis with the Dempster–Shafer Theory for Smart City Planning: The Case of Qatar

Smart cities support the enhancement of the quality of life of their residents, for which the use of a robust integrated platform of information and communication technology is required. However, not all cities have similar technology infrastructure and a similar understanding of the quality of life. Therefore, holistic planning, resource support, security, continuous updates, and dynamic operational enhancements should be considered while planning smart cities. However, a smart city could be vulnerable to security threats and a loss of personal or classified information due to the complexity of technology integration. Therefore, understanding and assessing different risks and embedding risk management mechanisms would be required to minimize vulnerability exposure in smart cities. This paper proposes a risk assessment method using the Dempster–Shafer theory for smart city planning. The Dempster–Shafer theory is used here to analyze the risks perceptions of experts. The principal component analysis method is used to analyze the data obtained from risk assessment. The application of this method is determined through a smart city test case in Qatar.


Introduction
The smart city concept was introduced in the early 1990s to integrate advanced information and communication technology (ICT) [1] to facilitate different processes and services in the cities. The primary goals considered for a smart city project were the enhancements in quality of life, economy, transport and traffic, clean and sustainable environment, and access to interaction with the government's relevant authorities [2]. The smart city concept is now considered in terms of dimensions, such as smart mobility [3], smart governance, smart living, smart people, and smart environment [4][5][6].
Smart city systems are complex and multifunction oriented, making them vulnerable to operational, strategic, and external risks [6]. Risks can also be associated with socio-political, financial, technical, and resource requirements [7,8]. The most serious among these are the risks related to security and privacy [9][10][11]. Current smart city risk assessments methods focus on an individual smart city system, such as smart mobility and transportation systems [10] and smart home applications [11]. However, the mitigation of the effects of technological risks, such as interoperability, network connectivity, security, and privacy, and non-technical risks, such as managerial, political, environmental, and user trust and adoption, can only be attained by holistic risk assessment [12].
A review of the literature exposes a lack of comprehensive risk assessment methodologies for consideration by smart city planners. This paper contributes to the literature by proposing and demonstrating a smart city risk analysis method using the Dempster-Shafer theory for technical and non-technical risks.
Smart city concepts are being adopted in many parts of the work as ICT acquisition, installation, and operations costs are becoming affordable to the countries and the people. It should also be understood that the requirements for a smart city might be different in different countries. The risks, therefore, may be perceived differently in different smart city The basic FMEA method is a qualitative method used for risk mitigation during the design phase [22]. It focuses on failure modes, causes, and effects during and before their occurrence [23]. Subriadi and Najwa [24] used an improved FMEA method with four phases for ICT risk assessment: determining risk assessment requirements, identifying risks, assessing risks, and analyzing and evaluating risks. The exact parameters used in this technique are based on the risk impact category and are aligned with the failure effect.
The FMEA method is also used in the smart city context [25]. The main advantage of FMEA is in evaluating critical and potential risks to support risk management [22]. The main limitation of FMEA is its qualitative approach and is based on other techniques to obtain values for occurrence, severity, and detection of risks [23]. The Monte Carlo simulation method presents the outcome from a sequence of events. The method is based on a mathematical formula that provides the result based on random variables that affect the outcome. Each variable derives its value from a defined range, then the outcome is calculated [26]. This method is suitable for estimating outcomes from the product of multiple random variables, including sources of uncertainty. It has been used to evaluate the quality of IT security investment in organizations [27]; therefore, it may be applied to a smart city. The authors suggest combining the Monte Carlo method, Markov chain, and Bayesian model to achieve a detection model applied to e-mail intrusion detection. The method is hindered by the high computational requirements for running even a simple simulation [27].

Fuzzy Logic Theory
Fuzzy logic theory, unlike Boolean logic (which always results in 0 or 1), strictly defines some transitional values between (0,1). Thus, no precise true or false evaluation is obtained from this theory. Fuzzy logic is based on fuzzy sets containing elements with membership levels. An element can be a member of different sets with different values. The main difference between probability and fuzzy logic is that probability estimates values about specific reality, whereas fuzzy logic denotes membership of an indistinct set [28].
The fuzzy logic theory is also used in smart city risk assessment [29], focusing on underground applications in smart cities, including underground railways, water supply systems, sewerage systems, parking, and electricity lines. In this approach, a risk index is developed for all systems. Three models are used to measure the risk index [29]: linear approximation, hierarchal fuzzy logic, and a hybrid model based on an arrangement of both models. The resulting model can perform automatic clustering based on the risk index and assist maintenance teams in prioritizing their tasks.
Alawad, An, and Kaewunruen [32] investigated smart risk assessment methods in railway applications through an intelligent system for managing risks (ISFMR). The authors used an adaptive neuro-fuzzy inference system (ANFIS) as a model to enhance risk management. AI is trained through artificial neural networks (ANN) to predict risks and uncertainties based on actual values and risk information. This method allows learning, making predictions, and capturing risk level values in real-time. However, this method is limited by the time needed for machine training and linearity assumptions for the input parameters.

Game Theory
Game theory may be applicable for assessing risk, as it can encompass the contrasting objectives of the two main decision-makers (players). The game includes interactions, constraints, payoffs, and actions the players take. The analysis is ended when all players consider that the obtained solution is the best one (called Nash equilibrium) for the given condition [30]. Game theory is flexible in its application, but it is not widely used in the smart city context as the security context requires comprehensive information during planning. Still, such information can change during the operation stage, thus rendering a one-time decision impractical.

Dempster-Shafer Theory
The Dempster-Shafer theory is an evidence-based theory proposed by Shafer (1976) as an extension to the work of Dempster (1967). This theory can be considered a generalized probability theory in a finite space that should be discrete. In this theory, the probability is assigned to mutually exclusive sets [13].
Traditional theories assign a probability to one possible event, but in the Dempster-Shafer Theory, probabilities can be correlated with multiple possible events. The main advantage of using the Dempster-Shafer theory is its flexible design for handling different levels of information precision and representing the uncertainty of systems without making further assumptions [13].
Further discussion in this paper is organized as follows. Research methods are discussed in Section 2. In this section, details of Qatar's smart city project and the research method are also given. The details of the Dempster-Shafer theory are also given in this section. The analysis results obtained from the Dempster-Shafer theory are given in Section 3. The Principal Component Analysis (PCA) method analyzes the results obtained from Dempster-Shafer theory on the case study, given in Section 4. The discussion on the model's application and the implications is made in Section 5. The paper's conclusions are represented in Section 6.

The Smart City Case and the Research Method
This section gives the background on a smart city in Qatar. The identification of the smart city has been concealed and is only referred to as City W in this paper. The details of the research method, research questions, data collection, and the Dempster-Shafer theory are also provided.

Case Study: Qatar's Smart City (City W)
The City W project involves experts from different disciplines: architects, master planners, engineers, designers, and specialists from Harvard, Princeton, Yale, and MIT. The project started in the last decade and was divided into four construction stages. The project includes more than 800 housing units, 10,000 parking places, and more than 100 buildings [33]. The smart living dimension in City W considers healthcare applications (e-health), education applications (e-learning), and smart building applications. The smart mobility dimension covers smart vehicles and transportation systems. The smart environment dimension covers waste discarding, pollution control, energy management, quality of air and water, increased green spaces, and controlled emissions. The smart governance dimension covers applications related to e-government and services and public participation. The risks that are considered for this city are illustrated in Table 2.  Figure 1 illustrates the research method adopted in this paper. A description of the method is given in the following sub-sections.

Research Questions
Two research questions, as mentioned below, are considered in this paper to develop insights into risks and risk analysis.

RQ1:
What risks are essential for the analysis of a smart city? RQ2: What are the expert perceptions of risks in a smart city in Qatar?

Data Collection
A focus group meeting, including subject matter experts from the City W project and the associated ICT company, was used to provide information on the planned risks and incidents [34]. The project documents and published brochures were also studied to extract information. These types of document analysis and focus groups discussions are considered qualitative analysis techniques [35]. Based on the extracted information, City W's risks and incidents and their validity, as expressed by the two experts, are provided in Table 3. The expert inputs are needed to apply the Dempster-Shafer theory, which can consider multiple sources of evidence such as sensors, surveys, models, and experts [36]. In Table 3, for example, the values expressed by Expert 1 represent the belief that the cybersecurity risk will occur mainly due to cyberattacks (85% chance) and due to operator error (15%). These values will be expressed through mathematical notations later. Table 3. The incidents causing risks and experts' results.

Research Questions
Two research questions, as mentioned below, are considered in this paper to develop insights into risks and risk analysis.

RQ1:
What risks are essential for the analysis of a smart city? RQ2: What are the expert perceptions of risks in a smart city in Qatar?

Data Collection
A focus group meeting, including subject matter experts from the City W project and the associated ICT company, was used to provide information on the planned risks and incidents [34]. The project documents and published brochures were also studied to extract information. These types of document analysis and focus groups discussions are considered qualitative analysis techniques [35]. Based on the extracted information, City W's risks and incidents and their validity, as expressed by the two experts, are provided in Table 3. The expert inputs are needed to apply the Dempster-Shafer theory, which can consider multiple sources of evidence such as sensors, surveys, models, and experts [36]. In Table 3, for example, the values expressed by Expert 1 represent the belief that the cybersecurity risk will occur mainly due to cyberattacks (85% chance) and due to operator error (15%). These values will be expressed through mathematical notations later. There are three crucial functions of the Dempster-Shafer theory: the basic probability assignment function (m), the belief function (Bel), and the plausibility function (Pl). The basic probability assignment (m) is based on improvised evidence theory. This function does not state the probability in its usual definition but as a function of power set P(X) that represents all potential states of the set, for the interval between 0 and 1; that is, m(0) and the sum of (m) for all subsets, which equals to 1. Applying this definition to set A, for instance, the basic probability assignment for set A is represented as m(A), which articulates the fraction of relevant evidence supporting the assumption that a specific element of X (universal set) belongs to set A. Another basic probability assignment, (m), will represent more evidence in the subset.
The representation of basic probabilities with Dempster-Shafer theory can be written as: where P(X) is the power of set X and ∅ is the null set. The interval (0,1) is bounded by two measures: the belief and the plausibility. The belief function of set A: Bel(A) is the sum of all basic probability assignments (m) of a subset (B) of set A. For example, in the data presented in Table 3, Bel(A) for Expert 1 = m 1 (Cyberattacks) + m 1 (Operator error) = 1. The plausibility: Pl(A) is the sum of the basic probability assignments of a set (B) that intersects with set A [13]. For example, in the data presented in Table 3, Pl(A) = 0 since there is no subset intersecting with the main set, which means intersection = ∅ The belief function and plausibility function values are nonadditive. Accordingly, it is not required that the sum of all belief measures be 1, and the same applies to plausibility measures [13]. Additionally, the two functions can be derived from each other as follows: where (¬A) (not A) complements A. This definition comes from the sum of basic probability assignments is 1.
For aggregating the information from multiple sources, the Dempster combination rule is used in this paper. This rule highlights the agreement between different sources and ignores conflicting evidence by using a normalization factor. The rule represents a new basic probability assignment, designated m 12 = m 1 ⊕ m 2 , that is a strict AND operation and is calculated by the formula: where: In Equation (7), K represents the basic probability function of conflict and is determined by summing all basic probability assignment (m) sets when a basic probability function has a value of 0 or null. The denominator (1 − K) in Equation (7) is a normalizing factor to avoid the conflict between basic probability assignments. Using the Dempster combination rule, basic probability functions related to conflict are assigned to the null set [13]. Table 4 presents risks and associated incidents of risks. Let m 1 represents the basic probability function assigned by Expert 1 and m 2 represents that for Expert 2. Components from A to L shown in Table 4 are incidents causing risks, denoted in the equations as subsets. The data provided in Table 3 shows that for Expert 1, cybersecurity risk (CR) occurs due to cyberattacks (component A) with a probability of 0.85 or due to operator error (component B) with a probability of 0.15. For Expert 2, cybersecurity risk (CR) occurs due to component (A) with a probability of 0.9 and due to component (B) with a probability of 0.1. Based on this information, the functions are developed as follows:  The following steps are followed to obtain the values with Equation (7).

1.
The combined basic probability assignment function is calculated for each cell by multiplying the basic probability function from the related column and row.

2.
The basic probability function for each set from each expert is multiplied.

3.
The resulted values from combining similar components appearing in two cells are added.

4.
According to the collected data, the two experts did not provide conflicting answers to one question, which means one expert assigns 0 basic probability for an incident.
No zero values result from the multiplication. For a zero value to result, for instance, Expert 1 may believe that Cybersecurity risk will not be from cyberattacks (component (A)) and will have a belief of 0. In this case. In this way, the plausibility function is calculated.
According to Table 5, the combined basic probability assignment m 12 that cybersecurity risk is due to component A is 0.7650, The combined basic probability assignment m 12 that cybersecurity risk is due to component B is 0.0150, and the combined belief function that the cybersecurity risk is due to components A and B is 0.0850 + 0.1350 = 0.22.
The following section demonstrates the application of the Dempster-Shafer theory and the Dempster combination rule on each risk.

Results from the Application of the Dempster-Shafer Theory
The demonstration of the Dempster-Shafer theory and the Dempster combination rule is discussed here.

Cybersecurity Risk (CR) Analysis
The analysis shows that the combined basic probability assignment of cybersecurity risk (CR) due to component A is 0.7650 based on Equation (7). The combined basic probability assignment of CR due to component B is 0.0150. The CR's combined basic probability assignment due to Component A and B is 0.0850 + 0.1350 = 0.22. It means that the proportion of cyberattack and operator error together causing cybersecurity risk based on the combined basic probability function for both experts is equal to 0.22. Therefore, as shown in Table 5:

Technical Data and Application Risk (TR) Analysis
The combined basic probability assignment of technical data and application risk (TR) due to component A (cyberattack) is 0.6580, as per Equation (7). The combined basic probability assignment that TR is due to component C (wrong design) is 0.0020, and component D (power outage) is 0.01. The table also illustrates that TR's combined basic probability assignment due to component C and component A is 0.0070 + 0.1880 = 0.195.
The combined basic probability assignment of (TR) due to component A and component D is 0.13, while component C and component D is 0.011.  Table 6 illustrates the results of the combined belief function from Expert 1 and Expert 2: Table 6. Dempster combination of Expert 1 and Expert 2 for technical data and application risk.

Network Infrastructure Risk (NR)
Applying the Dempster combination rule on the basic probability assignment representing the components causing network infrastructure risk (NR) leads to the combined basic probability assignments in Table 7.

Energy Consumption Risk (ER)
Application of the Dempster combination rule shows that the Energy consumption risk (ER), which is similar to components causing Network infrastructure risk, leads to the combined basic probability assignments in Table 8.

Policies, Laws, and Rules Risks (PLR)
Non-technical risks related to Qatar's smart city are investigated using the Dempster combination rule. The rule is applied on the basic probability assignment representing the components causing policies, laws, and rules risks (PLR), components E and F. They result in the combined basic probability assignments in Table 9.  Table 9. Dempster combination of Expert 1 and Expert 2 for policies, laws, and rules risk.

Approvals and Resource Management Risks (AR)
Four components, (G), (H), (I), and (J), cause these risks. Each component has its basic probability assignment based on the experts' beliefs. Applying the Dempster combination rule will identify this risk's combined basic probability assignment as follows (Table 10).

Strategic Risks (SR)
Components causing strategic risk (SR) are mainly the change of management (K) and insufficient relationships with stakeholders (L). The Dempster combination rule is used to construct each component's combined basic probability assignment. Table 11 provides the calculations for the following combined belief functions:  Table 11. Dempster combination of Expert 1 and Expert 2 for strategic risks.

Analysis of the Results
The PCA method is a multivariate analysis technique used to analyze data variations when there are highly correlated variables and a large number of independent variables [37]. The PCA method is used for risk analysis in different fields such as machine learning and artificial intelligence [38], banking risk management. In this paper, the results obtained from the Dempster-Shafer theory analysis are further analyzed through the PCA method, which is performed through four steps: standardization, covariance matrix calculation, identifying principal components, and graphically presenting significant and non-significant components.
Descriptive statistics are calculated for standardization purposes before performing PCA. The primary values are the mean, maximum, and standard deviation with α= 0.05, the threshold value representing the accepted error probability. Table 12 shows these values. The values presented in Table 13 show that the combined basic probability for the studied value is proportional with values believed by Expert 1 and Expert 2.  The correlation matrix presents how values vary from the mean value concerning each other (Table 13). Values are different from 0, with a significance level α = 0.05 being the accepted error probability. The correlation coefficient differs between 1 and −1; significant correlations are closer to 1 or −1, while values near 0 show no correlation. The analysis shows that basic probability assignment for incidents causing risks believed by Expert 1, Expert 2, and the combined basic probability assignment resulting from the Dempster combination rule are highly correlated.
The correlation of Experts' beliefs (circle) and principal components (lines) are presented with the correlation circle in Figure 2. In the figure, the principal components are represented by the experts and Combined DS values. The horizontal and vertical axes in Figure 2 represent the variance of data provided by the principal components. The value 99.19% results from combining the percentages at the horizontal and vertical axis; that is, experts believe there is a 99.19% f probability that the identified incidents cause the risks mentioned. The principal component lines in the circle represent the correlation between any two experts' beliefs. The acute angle between the lines shows that expert beliefs and Combined DS values are highly correlated. It means that the risk values obtained from the assessment are highly reliable. The observed risk incidents designated by components A, B, C, D, E, G, H, and K are causing the risks in City W.

Discussion
Smart city planning and implementation projects require the integration of multiple isolated systems. Due to the technology involved and the technology integration required, The observed risk incidents designated by components A, B, C, D, E, G, H, and K are causing the risks in City W.

Discussion
Smart city planning and implementation projects require the integration of multiple isolated systems. Due to the technology involved and the technology integration required, we need to assess the risks during the planning process to minimize their effect during operation.
The first research question is related to essential risks in a smart city context. Six technical risks were identified from the literature review: cybersecurity risk, technical data and applications risk, network infrastructure risk, data privacy and protection risk, low productivity risk in blockchain, and energy consumption risk. The non-technical risks such as policies, laws, rules, approvals and resource management, strategic risks, and data privacy and protection risks were identified. There may be data privacy and protection risk; however, it requires the use of blockchain technology, which was not considered for the planning of City W; however, it will be necessary when a large amount of data is generated.
The second research question is related to the experts' perceptions of risks. The analysis shows that cybersecurity risk is considered the most critical technical risk in City W. The cyberattacks component has a high value of basic probability assignment (0.7650), whereas risks due to operators' error are considered low. It is believed that as the operator's learning curve is assumed to be high, the impact could be minimized through associated training and simulation. Cyberattack is believed to be the leading cause of this risk in City W, with a high value of basic probability assignment (0.658) for data analysis and application risk. That means the management needs to consider high-security measures to mitigate this risk. The analysis also shows that other risk components such as wrong design and power outage have minor effects. City W's power supply system design and operation are robust and built with a different captive generation [33]. Therefore, the expert group's opinion reflects this in their basic probability assignment value.
As an example, the analysis of the values obtained from the experts shows that in City W, network infrastructure and energy consumption risks are considered to be related to wrong design, operators' errors, and power outages. The operator's error component is assumed to cause network infrastructure risk due to a high value of basic probability assignment value (0.7742). In contrast, the operator's error has a higher basic probability assignment value (0.9604) related to energy consumption risks. Planners knowing this perception of risks, should aim for highly trained technical resources for energy applications during both the development and operation of the city. When there is an employee turnover, this risk can be avoided through proper documentation and orientation of the incoming technical person. The analysis shows a smaller chance (low basic probability assignment) of wrong design and power outage in City W.
This study highlights three leading non -technical risks: policies, laws and rules risk, approvals and resource management risk, and strategic risks. Policies, laws, and rules risk are caused due to two main components: a lack of awareness of policies, laws, and rules and a lack of awareness of policies, laws, and rules in the business. The combined basic probability assignment function indicates that the lack of awareness of policies, laws, and rules in the business has a relatively high value of 0.7225 for City W. The above results indicate that fault applications for policies, laws, and rules due to a lack of knowledge will lead to the policies, laws, and rules. The low basic probability assignment value of the lack of awareness of policies, laws, and rules indicates that the organization continuously provides critical awareness.
Four components of approvals and resource management risk are analyzed in this study: the lack of critical resources, employee burnout, escalated project cost, and outsourcing. The lack of critical resources has the highest basic probability assignment value (0.7225). The main incident to cause resources management risk is the lack of critical resources.
Other combinations do not have significant basic probability assignment value to be considered in the decision-making process. Therefore, securing critical resources for different applications in a smart city is crucial. For operating and maintaining different systems, recruits or next-line employees must be trained to avoid this risk when critical employees are present.
This analysis provided that the combined basic probability assignment of having the risk due to a change of management and insufficient relationship with stakeholders have a value of (0.5). It means that the probability of this risk is high if a change of management and insufficient relationships occur simultaneously. This analysis shows a need for the stakeholders to have a clear view of the potential risks in smart cities so that appropriate mechanisms can be developed as a part of the risk response strategy.

Conclusions
Risk identification and management are crucial in the planning and implementing of a smart city. Smart cities use state-of-the-art technologies and applications to provide services to enhance the quality of life of their citizens. However, such technologies and applications bring a host of technical and non-technical risks, and their assessment becomes important to plan for impact mitigation. Smart applications create a large amount of data, leading to security, privacy, and legal challenges. Therefore, the scope of the paper is limited to the assessment and providing an understanding of the risk impact so that the planners can consider it for smart city development.
The paper contributes by developing a risk assessment methodology and demonstrating its use in a smart city planning situation. The paper also provides a list of risks perceived by the planners for analysis through the Dempster-Shafer theory and the principal component analysis. The beliefs perceived by the planners provide a basis for assessing risk occurrence, which is usually based on the technology absorption in the country, availability of technology, legislation, and skills. The PCA shows that incidents like cyberattacks, operators' errors; a lack of awareness of policies, laws, and rules; a lack of critical resources, and; change management have a higher probability of occurrence. It should be noted that these risks can create secondary or residual risks, which might be challenging to identify and address. The method is scalable to the application to the higher number of inputs from the planners or experts through the pairwise comparisons of the analysis. As the methodology is not based on the scale of the city, it should be applicable in other smart city planning.
The review shows no comparable comprehensive and generic risk assessment models for smart city applications. There are different models for specific risk assessments; however, they do not consider experts' perceptions. As the perceptions are based on the country's current socio-technical and economic situation, their visualization of potential risks may be closely aligned to the actual situation.
The risk assessment method developed in this paper is the first step towards developing a larger risk assessment framework for smart city planning and operation. The perception analyzed through the Dempster-Shafer theory is scalable and dynamic.
Further research could also be considered studying the interrelations between risks and their effect on other risks in smart city projects. The methodology presented here may be extended by combining it with artificial intelligence, as mentioned in [30], which can consider dynamic decision-making abilities to eliminate or mitigate the impact of risk within a small window. This type of combination can also support efficient risk prediction capabilities.
Author Contributions: R.A.S.: conceptualization, writing, data collection, reviewing, and editing. S.P.: inception, supervision, writing, reviewing, editing. All authors have read and agreed to the published version of the manuscript.
Funding: This research received no external funding.
Informed Consent Statement: Informed consent was obtained from all subjects involved in the study.

Data Availability Statement:
The data presented in this study are available on request from the corresponding author. The data are not publicly available due to confidentiality reasons.

Conflicts of Interest:
The authors declare no conflict of interest.