Standardisation and Certification of the ‘Internet of Things’

We are grateful to the European Commission, and in particular Gianmarco Baldini of the EC Research Centre, for commissioning the research that underpins this paper, and for permission to publish an abridged account of our findings. We are also grateful to Mike Ellims and Graeme Jenkinson for feedback on vehicle software, as well as to Robert Watson and other colleagues in the Cambridge security group for discussions of security sustainability.
