Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment

Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Jason R.C. Nurse ◽  
Pete Burnap ◽  
Eirini Anthi ◽  
...  

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. The IoT risk is not included in the cyber security assessment standards and is hence often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for companies integrating IoT devices and/or services. Defining a high-level potential target state is followed by a high-level transformation roadmap, describing how companies can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.

Author(s):  
Petar Radanliev ◽  
David Charles De Roure ◽  
Jason R.C. Nurse ◽  
Pete Burnap ◽  
Eirini Anthi ◽  
...  

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. The IoT risk is not included in the cyber security assessment standards and is hence often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for companies integrating IoT devices and/or services. Defining a high-level potential target state is followed by a high-level transformation roadmap, describing how companies can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model. The main contributions from this paper represent a transformation roadmap for standardisation of IoT risk impact assessment; and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented approach. Verified by epistemological analysis defining a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for an international cyber risk assessment approach; for quantifying cyber risk; and for planning for the impact of cyber-attacks, e.g. cyber insurance.
The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Pete Burnap ◽  
Omar Santos

The Internet-of-Things (IoT) triggers data protection questions and new types of cyber risks. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. It is considered that IoT represents a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested through comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results from the analysis present the current and a target state for IoT systems, followed by a transformation roadmap, describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems—which begin to resemble artificial intelligence—and can be used for a quantitative self-assessment of IoT cyber risk posture.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Max Van Kleek ◽  
Uchenna Ani ◽  
Pete Burnap ◽  
...  

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.


Author(s):  
Keyurbhai Arvindbhai Jani ◽  
Nirbhay Chaubey

The Internet of Things (IoT) connects different IoT smart objects around people to make their life easier by connecting them with the internet, which leaves IoT environments vulnerable to many attacks. This chapter has a few main objectives: to understand the basics of IoT; the different types of attacks possible in IoT; and prevention steps to secure the IoT environment to some extent. Therefore, this chapter is mainly divided into three parts. The first part discusses IoT devices and their applications; the second part is about cyber-attacks possible on IoT environments; and the third part discusses prevention and recommendation steps to avoid damage from different attacks.


2016 ◽  
Vol 54 (2(108)) ◽  
pp. 22-36
Author(s):  
Christopher Biedermann

PURPOSE/THESIS: The purpose of this paper is to use a recent cyber-attack to highlight the current state of readiness of Internet of Things (IoT) technologies with regard to security vulnerabilities as well as fundamental – in the author’s opinion – changes that will need to take place within these industries and technologies to mitigate the overall cybersecurity risk. APPROACH/METHODS: The analysis of the findings from numerous existing published security studies. RESULTS AND CONCLUSIONS: The following conclusions were reached: (1) in the world becoming more and more interconnected through the web enabled devices (IoT devices), new forms of security threats have been developed; (2) at present IoT devices introduce a high level of vulnerability; (3) many of these risks may be mitigated with already existing technologies; (4) however, due to the fragmented and heterogeneous nature of the IoT devices, the implementation of even basic levels of security is more challenging than in the case of traditional Internet connected devices (e.g. personal computers); (5) the industry needs to face and address three key issues that will in turn help to mitigate the unique security threats posed by IoT devices, namely: the drive towards open standards, the industry cooperation and consolidation, and the improvement of consumer awareness. ORIGINALITY/VALUE: The value of the research is to highlight the security issues related to the Internet of Things and propose solutions that must be implemented to increase the level of security awareness within the IoT environment.


Author(s):  
Muhammad Saad ◽  
Tariq Rahim Soomro

The Internet has become a vital part of our lives. The number of Internet connected devices is increasing every day, and approximately there will be 34 billion IoT devices by 2020. It is observed that security is very weak in these devices and can be easily compromised by hackers, as some manufacturers failed to implement basic security. Current devices use standards that are easy to implement and work for most forms of communications and storage. There is no such standard solution that will work on every device within the Internet of Things, because of the varied constraints between different devices, resulting in classifications within the Internet of Things. This study addresses security challenges in the Internet of Things (IoT); first, it will discuss the IoT evolution, architecture and its applications in industries. Further, it classifies and examines privacy threats, including a survey, and points out the challenges that need to be overcome to ensure that the Internet of Things becomes a reality.


Sensors ◽  
2020 ◽  
Vol 20 (9) ◽  
pp. 2533 ◽  
Author(s):  
Massimo Merenda ◽  
Carlo Porcaro ◽  
Demetrio Iero

In a few years, the world will be populated by billions of connected devices that will be placed in our homes, cities, vehicles, and industries. Devices with limited resources will interact with the surrounding environment and users. Many of these devices will be based on machine learning models to decode meaning and behavior behind sensors’ data, to implement accurate predictions and make decisions. The bottleneck will be the high level of connected things that could congest the network. Hence, the need to incorporate intelligence on end devices using machine learning algorithms. Deploying machine learning on such edge devices improves the network congestion by allowing computations to be performed close to the data sources. The aim of this work is to provide a review of the main techniques that guarantee the execution of machine learning models on hardware with low performances in the Internet of Things paradigm, paving the way to the Internet of Conscious Things. In this work, a detailed review on models, architecture, and requirements on solutions that implement edge machine learning on Internet of Things devices is presented, with the main goal to define the state of the art and envisioning development requirements. Furthermore, an example of edge machine learning implementation on a microcontroller will be provided, commonly regarded as the machine learning “Hello World”.


2021 ◽  
Author(s):  
Mohammed Hussein ◽  
Lawrence J. Trautman ◽  
Louis Ngamassi ◽  
Mason Molesky

2021 ◽  
Vol 39 (4) ◽  
pp. 1-33
Author(s):  
Fulvio Corno ◽  
Luigi De Russis ◽  
Alberto Monge Roffarello

In the Internet of Things era, users are willing to personalize the joint behavior of their connected entities, i.e., smart devices and online service, by means of trigger-action rules such as “IF the entrance Nest security camera detects a movement, THEN blink the Philips Hue lamp in the kitchen.” Unfortunately, the spread of new supported technologies makes the number of possible combinations between triggers and actions continuously growing, thus motivating the need of assisting users in discovering new rules and functionality, e.g., through recommendation techniques. To this end, we present , a semantic Conversational Search and Recommendation (CSR) system able to suggest pertinent IF-THEN rules that can be easily deployed in different contexts starting from an abstract user’s need. By exploiting a conversational agent, the user can communicate her current personalization intention by specifying a set of functionality at a high level, e.g., to decrease the temperature of a room when she left it. Stemming from this input, implements a semantic recommendation process that takes into account (a) the current user’s intention, (b) the connected entities owned by the user, and (c) the user’s long-term preferences revealed by her profile. If not satisfied with the suggestions, then the user can converse with the system to provide further feedback, i.e., a short-term preference, thus allowing to provide refined recommendations that better align with the original intention. We evaluate by running different offline experiments with simulated users and real-world data. First, we test the recommendation process in different configurations, and we show that recommendation accuracy and similarity with target items increase as the interaction between the algorithm and the user proceeds. Then, we compare with other similar baseline recommender systems.
Results are promising and demonstrate the effectiveness of in recommending IF-THEN rules that satisfy the current personalization intention of the user.


Author(s):  
Э.Д. Алисултанова ◽  
Л.К. Хаджиева ◽  
М.З. Исаева

This article is devoted to the creation of a career-oriented (smart) laboratory, which is designed to give schoolchildren basic ideas about Internet of Things (IoT) technology and cyber security threats in this area, and to motivate them to pursue specialized education in the future and build a career in the field of Internet of Things (IoT) security in the operation of smart manufacturing. The training of schoolchildren in the vocational guidance laboratory, based on the use of interactive electronic educational resources, will primarily position the career opportunities of future specialists in the field of Internet of Things (IoT) security in the operation of smart manufacturing. Within the framework of the laboratory, special attention of students is concentrated on the legal aspects of ensuring cyber security, the main trends in the development of cyber threats in the modern global information space and the measures necessary to neutralize them.

