Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment

The Internet of Things (IoT) enables enterprises to profit from data, but it also raises data protection questions and introduces new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. IoT risk is not included in the cyber security assessment standards and is therefore often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. Such a self-assessment needs to define a current state and a target state before a transformation roadmap can be created that outlines the tasks required to reach the stated target state. In this article, a comparative empirical analysis of multiple cyber risk assessment approaches is performed to define a high-level potential target state for a company integrating IoT devices and/or services. The definition of that high-level target state is followed by a high-level transformation roadmap describing how a company can reach its target state from its current state. The transformation roadmap is then used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.

Pete Burnap, et al. Definition of Internet of Things (IoT) Cyber Risk: Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment. arXiv, 2019.