Cyber Risk in IoT Systems

In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment.  This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.

Download Full-text

Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things

The Review of Socionetwork Strategies ◽

10.1007/s12626-021-00086-5 ◽

2021 ◽

Author(s):

Petar Radanliev ◽

David De Roure ◽

Pete Burnap ◽

Omar Santos

Keyword(s):

Risk Assessment ◽

Internet Of Things ◽

Empirical Analysis ◽

Quantitative Risk Assessment ◽

The Internet ◽

Self Assessment ◽

Target State ◽

Epistemological Analysis ◽

Cyber Risk ◽

The Internet Of Things

AbstractThe Internet-of-Things (IoT) triggers data protection questions and new types of cyber risks. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. It is considered that IoT represent a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested though comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results from the analysis present the current and a target state for IoT systems, followed by a transformation roadmap, describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems—which begin to resemble artificial intelligence—and can be used for a quantitative self-assessment of IoT cyber risk posture.

Download Full-text

Cyber Risk Management for the Internet of Things

10.20944/preprints201904.0133.v1 ◽

2019 ◽

Cited By ~ 2

Author(s):

Petar Radanliev ◽

David Charles De Roure ◽

Jason R.C. Nurse ◽

Pete Burnap ◽

Eirini Anthi ◽

...

Keyword(s):

Risk Assessment ◽

Internet Of Things ◽

Impact Assessment ◽

Cyber Security ◽

The Internet ◽

Target State ◽

High Level ◽

Cyber Risk ◽

The Internet Of Things ◽

Oriented Approach

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment need to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model. The main contributions from this paper represent a transformation roadmap for standardisation of IoT risk impact assessment; and transformation design imperatives describing how IoT companies can achieve their target state based on their current state with a Goal-Oriented approach. Verified by epistemological analysis defining a unified cyber risk assessment approach. These can be used for calculating the economic impact of cyber risk; for international cyber risk assessment approach; for quantifying cyber risk; and for planning for impact of cyber-attacks, e.g. cyber insurance. The new methods presented in this paper for applying the roadmap include: IoT Risk Analysis through Functional Dependency; Network-based Linear Dependency Modelling; IoT risk impact assessment with a Goal-Oriented Approach; and a correlation between the Goal-Oriented Approach and the IoTMM model.

Download Full-text