Technical ReportPDF Available

Standards, Governance and Policy. Cybersecurity of the Internet of Things (IoT): PETRAS Stream Report

  • January 2019
DOI:10.13140/RG.2.2.15925.42729
Authors:
Irina Brass at University College London
Irina Brass
Kruakae Pothong at University College London
Kruakae Pothong
Leonie Maria Tanczer
Leonie Maria Tanczer
Leonie Maria Tanczer
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Madeline Carr at University College London
Madeline Carr
Download full-text PDF
Read full-text
Download citation

Figures

Figures - uploaded by Irina Brass
Author content
All figure content in this area was uploaded by Irina Brass
Content may be subject to copyright.
Content uploaded by Irina Brass
Author content
All content in this area was uploaded by Irina Brass on Aug 15, 2019
Content may be subject to copyright.
A preview of the PDF is not available
... Apart from recovery planning, other challenges found in literature for SME's integration in Industry 4.0 supply chains are: a) robustness, safety, and security (Akinrolabu et al. 2019;Brass et al. 2018;Brass et al. 2019;Hahn et al. 2013;Nicolescu et al. 2018a;Zhu et al. 2011); b) control and hybrid systems (Agyepong et al. 2019;Leitão et al. 2016;Nurse et al. 2018;Shi et al. 2011); c) computational abstractions (Ani et al. 2019;Madakam et al. 2015;Radanliev et al. 2018b;Rajkumar et al. 2010;Wahlster et al. 2013); d) real-time embedded systems abstractions (Ghirardello et al. 2018;Kang et al. 2012;Leitão et al. 2016;Marwedel and Engel 2016;PETRAS 2020;Shi et al. 2011;Tan et al. 2008); e) model-based development (Bhave et al. 2011;Jensen et al. 2011;Rajkumar et al. 2010;Shi et al. 2011;Taylor et al. 2018;Wahlster et al. 2013); and f) education and training (Faller and Feldmüller 2015;Nicolescu et al. 2018b;Petar Radanliev et al. 2020;Rajkumar et al. 2010;Wahlster et al. 2013). ...
Cyber risk at the edge: current and future trends on cyber risk analytics and artificial intelligence in the industrial internet of things and industry 4.0 supply chains
Article
Full-text available
  • Dec 2020
Digital technologies have changed the way supply chain operations are structured. In this article, we conduct systematic syntheses of literature on the impact of new technologies on supply chains and the related cyber risks. A taxonomic/cladistic approach is used for the evaluations of progress in the area of supply chain integration in the Industrial Internet of Things and Industry 4.0, with a specific focus on the mitigation of cyber risks. An analytical framework is presented, based on a critical assessment with respect to issues related to new types of cyber risk and the integration of supply chains with new technologies. This paper identifies a dynamic and self-adapting supply chain system supported with Artificial Intelligence and Machine Learning (AI/ML) and real-time intelligence for predictive cyber risk analytics. The system is integrated into a cognition engine that enables predictive cyber risk analytics with real-time intelligence from IoT networks at the edge. This enhances capacities and assist in the creation of a comprehensive understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI/ML technologies are migrated to the periphery of IoT networks.
View
... Apart from recovery planning, other challenges found in literature for SME's integration in Industry 4.0 supply chains are: 20 a) robustness, safety, and security (Akinrolabu et al., 2019;Irina Brass, Pothong, Tanczer, & Carr, 2019;Hahn, Ashok, Sridhar, & Govindarasu, 2013;Nicolescu, Huth, Radanliev, & De Roure, 2018a;Zhu et al., 2011); b) control and hybrid systems (Agyepong et al., 2019;Leitão et al., 2016;J. R. Nurse, Radanliev, Creese, & De Roure, 2018;Shi et al., 2011); c) computational abstractions (Ani, Watson, Nurse, Cook, & Maple, 2019;Madakam, Ramaswamy, & Tripathi, 2015;Rajkumar et al., 2010;Wahlster et al., 2013); d) real-time embedded systems abstractions (Ghirardello et al., 2018;Kang et al., 2012;Leitão et al., 2016;Marwedel & Engel, 2016;PETRAS, 2020;Shi et al., 2011;Tan et al., 2008); e) model-based development (Bhave, Krogh, Garlan, & Schmerl, 2011;Jensen et al., 2011;Rajkumar et al., 2010;Shi et al., 2011;Taylor, P., Allpress, S., Carr, M., Lupu, E., Norton, J., Smith et al., 2018;Wahlster et al., 2013); and f) education and training (Faller & Feldmüller, 2015;Nicolescu, Huth, Radanliev, & De Roure, 2018b;Rajkumar et al., 2010;Wahlster et al., 2013). ...
Cyber Risk at the Edge: Current and future trends on Cyber Risk Analytics and Artificial Intelligence in the Industrial Internet of Things and Industry 4.0 Supply Chains
Preprint
Full-text available
  • Aug 2020
Digital technologies have changed the way supply chain operations are structured. In this article, we conduct systematic syntheses of literature on the impact of new technologies on supply chains and the related cyber risks. A taxonomic/cladistic approach is used for the evaluations of progress in the area of supply chain integration in the Industrial Internet of Things and Industry 4.0, with a specific focus on the mitigation of cyber risks. An analytical framework is presented, based on a critical assessment with respect to issues related to new types of cyber risk and the integration of supply chains with new technologies. This paper identifies a dynamic and self-adapting supply chain system supported with Artificial Intelligence and Machine Learning (AI/ML) and real-time intelligence for predictive cyber risk analytics. The system is integrated into a cognition engine that enables predictive cyber risk analytics with real-time intelligence from IoT networks at the edge. This enhances capacities and assist in the creation of a comprehensive understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI/ML technologies are migrated to the periphery of IoT networks.
View
... Apart from recovery planning, other challenges found in literature for SME's integration in Industry 4.0 supply chains are: 20 a) robustness, safety, and security (Akinrolabu et al., 2019;Irina Brass, Pothong, Tanczer, & Carr, 2019;Hahn, Ashok, Sridhar, & Govindarasu, 2013;Nicolescu, Huth, Radanliev, & De Roure, 2018a;Zhu et al., 2011); b) control and hybrid systems (Agyepong et al., 2019;Leitão et al., 2016;J. R. Nurse, Radanliev, Creese, & De Roure, 2018;Shi et al., 2011); c) computational abstractions (Ani, Watson, Nurse, Cook, & Maple, 2019;Madakam, Ramaswamy, & Tripathi, 2015;Rajkumar et al., 2010;Wahlster et al., 2013); d) real-time embedded systems abstractions (Ghirardello et al., 2018;Kang et al., 2012;Leitão et al., 2016;Marwedel & Engel, 2016;PETRAS, 2020;Shi et al., 2011;Tan et al., 2008); e) model-based development (Bhave, Krogh, Garlan, & Schmerl, 2011;Jensen et al., 2011;Rajkumar et al., 2010;Shi et al., 2011;Taylor, P., Allpress, S., Carr, M., Lupu, E., Norton, J., Smith et al., 2018;Wahlster et al., 2013); and f) education and training (Faller & Feldmüller, 2015;Nicolescu, Huth, Radanliev, & De Roure, 2018b;Rajkumar et al., 2010;Wahlster et al., 2013). ...
View
... Apart from recovery planning, other challenges found in literature for SME's integration in Industry 4.0 supply chains are: a) robustness, safety, and security (Akinrolabu et al. 2019;Brass et al. 2018;Brass et al. 2019;Hahn et al. 2013;Nicolescu et al. 2018a;Zhu et al. 2011); b) control and hybrid systems (Agyepong et al. 2019;Leitão et al. 2016;Nurse et al. 2018;Shi et al. 2011); c) computational abstractions (Ani et al. 2019;Madakam et al. 2015;Radanliev et al. 2018b;Rajkumar et al. 2010;Wahlster et al. 2013); d) real-time embedded systems abstractions (Ghirardello et al. 2018;Kang et al. 2012;Leitão et al. 2016;Marwedel and Engel 2016;PETRAS 2020;Shi et al. 2011;Tan et al. 2008); e) model-based development (Bhave et al. 2011;Jensen et al. 2011;Rajkumar et al. 2010;Shi et al. 2011;Taylor et al. 2018;Wahlster et al. 2013); and f) education and training (Faller and Feldmüller 2015;Nicolescu et al. 2018b;Petar Radanliev et al. 2020;Rajkumar et al. 2010;Wahlster et al. 2013). ...
Cyber risk at the edge: current and future trends on cyber risk analytics and artificial intelligence in the industrial internet of things and industry 4.0 supply chains
Preprint
Full-text available
  • Dec 2020
Digital technologies have changed the way supply chain operations are structured. In this article, we conduct systematic syntheses of literature on the impact of new technologies on supply chains and the related cyber risks. A taxonomic/cladistic approach is used for the evaluations of progress in the area of supply chain integration in the Industrial Internet of Things and Industry 4.0, with a specific focus on the mitigation of cyber risks. An analytical framework is presented, based on a critical assessment with respect to issues related to new types of cyber risk and the integration of supply chains with new technologies. This paper identifies a dynamic and self-adapting supply chain system supported with Artificial Intelligence and Machine Learning (AI/ML) and real-time intelligence for predictive cyber risk analytics. The system is integrated into a cognition engine that enables predictive cyber risk analytics with real-time intelligence from IoT networks at the edge. This enhances capacities and assist in the creation of a comprehensive understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI/ML technologies are migrated to the periphery of IoT networks.
View
... Apart from recovery planning, other challenges found in literature for SME's integration in Industry 4.0 supply chains are: 20 a) robustness, safety, and security (Akinrolabu et al., 2019;Irina Brass, Pothong, Tanczer, & Carr, 2019;Hahn, Ashok, Sridhar, & Govindarasu, 2013;Nicolescu, Huth, Radanliev, & De Roure, 2018a;Zhu et al., 2011); b) control and hybrid systems (Agyepong et al., 2019;Leitão et al., 2016;J. R. Nurse, Radanliev, Creese, & De Roure, 2018;Shi et al., 2011); c) computational abstractions (Ani, Watson, Nurse, Cook, & Maple, 2019;Madakam, Ramaswamy, & Tripathi, 2015;Rajkumar et al., 2010;Wahlster et al., 2013); d) real-time embedded systems abstractions (Ghirardello et al., 2018;Kang et al., 2012;Leitão et al., 2016;Marwedel & Engel, 2016;PETRAS, 2020;Shi et al., 2011;Tan et al., 2008); e) model-based development (Bhave, Krogh, Garlan, & Schmerl, 2011;Jensen et al., 2011;Rajkumar et al., 2010;Shi et al., 2011;Taylor, P., Allpress, S., Carr, M., Lupu, E., Norton, J., Smith et al., 2018;Wahlster et al., 2013); and f) education and training (Faller & Feldmüller, 2015;Nicolescu, Huth, Radanliev, & De Roure, 2018b;Rajkumar et al., 2010;Wahlster et al., 2013). ...
Cyber Risk at the Edge: Current and future trends on Cyber Risk Analytics and Artificial Intelligence in the Industrial Internet of Things and Industry 4.0 Supply Chains
Preprint
Full-text available
  • Aug 2020
Digital technologies have changed the way supply chain operations are structured. In this article, we conduct systematic syntheses of literature on the impact of new technologies on supply chains and the related cyber risks. A taxonomic/cladistic approach is used for the evaluations of progress in the area of supply chain integration in the Industrial Internet of Things and Industry 4.0, with a specific focus on the mitigation of cyber risks. An analytical framework is presented, based on a critical assessment with respect to issues related to new types of cyber risk and the integration of supply chains with new technologies. This paper identifies a dynamic and self-adapting supply chain system supported with Artificial Intelligence and Machine Learning (AI/ML) and real-time intelligence for predictive cyber risk analytics. The system is integrated into a cognition engine that enables predictive cyber risk analytics with real-time intelligence from IoT networks at the edge. This enhances capacities and assist in the creation of a comprehensive understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when AI/ML technologies are migrated to the periphery of IoT networks.
View
Digital Technological Innovation and the International Political Economy
Chapter
Full-text available
  • Jan 2019
This chapter explores the main digital technological innovations currently associated with the Fourth Industrial Revolution-Artificial Intelligence (AI), Blockchain, and the Internet of Things (IoT)-and their effects on the international political economy. It reviews some of their main benefits and challenges to established structures of the global economy, such as international trade and production, or the monetary and financial system. The chapter highlights that the complex coupling, interdependencies and pervasiveness of these digital innovations disrupts the practice of international political economy on three dimensions: the established institutions that structure the international political economy; the distribution of authority between state and non-state actors; and the distribution of resources between and within developed and developing states.
View
State of the Art in IoT - Beyond Economic Value
Technical Report
Full-text available
  • Jan 2018
IoT is a technology that has been promising for more than a decade now to transform economies and advance ideas of public good and social well-being. This report highlights the efforts that have been done in this respect and identifies the main directions for IoT advancements and the main barriers to IoT adoption. The report focuses on the economic value in IoT and argues that harnessing economic value in the IoT space represents a process that takes place continually at the intersection between developments in three major domains: social, technical, and economic.
View
Governance and Policy Cooperation on the Cyber Security of the Internet of Things
Article
Full-text available
  • Mar 2018
This report was based on a workshop. The impetus for this workshop was the recognition that international policy cooperation on the cybersecurity aspects of the IoT has made little progress. This is due in part to a failure to establish a functioning community of technicians and policymakers who are jointly focusing on these issues. From a technical perspective, the IoT will significantly increase opportunities to breach security via new attack surfaces. For policymakers, the heightened insecurity created by the rapid expansion of the IoT marks a significant governance challenge. Addressing these security deficiencies will require an increase in the capacity to share threat information as well as a range of innovative technical and policy solutions. The workshop marked a starting point in building a global community of security practitioners and policymakers who are interested in these issues and who are working on similar topics.
View
A longitudinal analysis of the public perception of the opportunities and challenges of the Internet of Things
Article
Full-text available
The Internet of Things (or IoT), which enables the networked interconnection of everyday objects, is becoming increasingly popular in many aspects of our lives ranging from entertainment to health care. While the IoT brings a set of invaluable advantages and opportunities with it, there is also evidence of numerous challenges that are yet to be resolved. This is certainly the case with regard to ensuring the cyber security of the IoT, and there are various examples of devices being hacked. Despite this evidence, little is known about the public perceptions of the opportunities and challenges presented by the IoT. To advance research in this direction, we mined the social media platform Twitter to learn about public opinion about the IoT. Analysing a longitudinal dataset of more than 6.7 million tweets, we reveal insights into public perceptions of the IoT, identifying big data analytics as the most positive aspect, whereas security issues are the main public concern on the negative side. Our study serves to highlight the importance of keeping IoT devices secure, and remind manufacturers that it is a concern that remains unresolved, at least insofar as the public believes.
View
CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy
Article
Full-text available
  • Nov 2018
Ongoing efforts by state actors to collaborate on addressing the challenges of global cybersecurity have been slow to yield results. Technical expert communities such as Computer Security and Incident Response Teams (CSIRTs) have played a fundamental role in maintaining the Internet's functional structure through transnational collaboration. Responsible for security incident management and located in diverse constituencies, these coordination centres engage in joint responses and solve day‐to‐day cybersecurity problems through diverse national, regional and international networks. This article argues that CSIRTs form an epistemic community that engages in science diplomacy, at times navigating geopolitical tensions in a way that political actors are not able to. Through interviews with CSIRT representatives, we explain how their collaborative actions, rooted in shared technical knowledge, norms and best practices, contribute to the advancement of international cooperation on cybersecurity. Collaborating around a clearly defined technical need, CSIRTs’ issue‐based actions can feed into and support other non‐state and state actors’ endeavours to solve global collective action on cybersecurity. Their practices neither replace nor overshadow other diplomatic mechanisms–including those carried out by state actors – but they help us to identify and understand the subtle instances of science diplomacy that might otherwise be overlooked.
View
Exploring Machine Autonomy and Provenance Data in Coffee Consumption: A Field Study of Bitbarista
Article
Full-text available
  • Nov 2018
Technologies such as distributed ledgers and smart contracts are enabling the emergence of new autonomous systems, and providing enhanced systems to track the provenance of goods. A growing body of work in HCI is exploring the novel challenges of these systems, but there has been little attention paid to their impact on everyday activities. This paper presents a study carried out in 3 office environments for a 1-month period, which explored the impact of an autonomous coffee machine on the everyday activity of coffee consumption. The Bitbarista mediates coffee consumption through autonomous processes, presenting provenance data at the time of purchase while attempting to reduce intermediaries in the coffee trade. Through the report of interactions with and around the Bitbarista, we explore its implications for everyday life, and wider social structures and values. We conclude by offering recommendations for the design of community shared autonomous systems.
View
A Blockchain-based Infrastructure for Reliable and Cost-effective IoT-aided Smart Grids
Poster
Full-text available
  • Apr 2018
One of the main trends in the evolution of smart grids is transactive energy, where istributed energy resources, e.g. smart meters, develop towards Internet-of-Things (IoT) devices enabling prosumers to trade energy directly among each other, without the need of involving any centralised third party. The expected advantages in terms of cost-effectiveness would be significant, indeed technical solutions are being investigated and large-scale deployment are planned by major utilities companies. However, introducing transactive energy in the smart grid entails new security threats, such as forging energy transactions. This paper introduces an infrastructure to support reliable and cost-effective transactive energy, based on blockchain and smart contracts, where functionalities are implemented as fully decentralised applications. Energy transactions are stored in the blockchain, whose high replication level ensures stronger guarantees against tampering. Energy auctions are carried out according to transparent rules implemented as smart contracts, hence visible to all involved actors. Threats deriving from known vulnerabilities of smart meters are mitigated by temporarily keeping out exposed prosumers and updating their devices as soon as security patches become available.
View
A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate
Article
Full-text available
  • Oct 2018
Technological advances have resulted in organizations digitalizing many parts of their operations. The threat landscape of cyberattacks is rapidly changing and the potential impact of such attacks is uncertain, because there is a lack of effective metrics, tools and frameworks to understand and assess the harm organizations face from cyber-attacks. In this article, we reflect on the literature on harm, and how it has been conceptualized in disciplines such as criminology and economics, and investigate how other notions such as risk and impact relate to harm. Based on an extensive literature survey and on reviewing news articles and databases reporting cyber-incidents, cybercrimes, hacks and other attacks, we identify various types of harm and create a taxonomy of cyber-harms encountered by organizations. This taxonomy comprises five broad themes: physical or digital harm; economic harm; psychological harm; reputational harm; and social and societal harm. In each of these themes, we present several cyber-harms that can result from cyber-attacks. To provide initial indications about how these different types of harm are connected and how cyber-harm in general may propagate, this article also analyses and draws insight from four real-world case studies, involving Sony (2011 and 2014), JPMorgan and Ashley Madison. We conclude by arguing for the need for analytical tools for organizational cyber-harm, which can be based on a taxonomy such as the one we propose here. These would allow organizations to identify corporate assets, link these to different types of cyber-harm, measure those harms and, finally, consider the security controls needed for the treatment of harm.
View
Governing artificial intelligence: Ethical, legal and technical opportunities and challenges
Article
  • Nov 2018
This paper is the introduction to the special issue entitled: ‘Governing artificial intelligence: ethical, legal and technical opportunities and challenges'. Artificial intelligence (AI) increasingly permeates every aspect of our society, from the critical, like urban infrastructure, law enforcement, banking, healthcare and humanitarian aid, to the mundane like dating. AI, including embodied AI in robotics and techniques like machine learning, can improve economic, social welfare and the exercise of human rights. Owing to the proliferation of AI in high-risk areas, the pressure is mounting to design and govern AI to be accountable, fair and transparent. How can this be achieved and through which frameworks? This is one of the central questions addressed in this special issue, in which eight authors present in-depth analyses of the ethical, legal-regulatory and technical challenges posed by developing governance regimes for AI systems. It also gives a brief overview of recent developments in AI governance, how much of the agenda for defining AI regulation, ethical frameworks and technical approaches is set, as well as providing some concrete suggestions to further the debate on AI governance. This article is part of the theme issue ‘Governing artificial intelligence: ethical, legal, and technical opportunities and challenges’.
View
View