If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems
Related papers
Assessing the Internet of Things Security Risks
Journal of Communications
The Internet of Things (IoT) has extensively altered the IT landscape, allowing devices to communicate fluently without human involvement. However, it has introduced uncertainty, which has led to the emergence of a myriad of security risks. As coping with these security risks becomes more and more challenging, a new Security Risk Assessment (SRA) approach that deals with the heterogeneous and dynamic IoT paradigm is needed. Indeed, SRA is the primary means of preserving the confidentiality, integrity and availability of business services. Different SRA approaches exist, but applying them to the pervasive paradigm of the IoT is commonly agreed to be ineffective. Therefore, we provide a novel approach based on the Elasticsearch Stack Solution (ELK) and the Plan, Do, Check, Act (PDCA) cycle, aimed at efficiently assessing IoT security risks. As a result, the provided approach has skillfully dealt with the IoT dynamic environment. Furthermore, a benchmark of our novel approach against the existing approaches is successfully realized, highlighting the main findings.
Towards a Framework for Assessing Cybersecurity Risks in Internet of Things (IOT) Devices
Journal on Systemics, Cybernetics and Informatics, 2021
The term Internet of Things (IoT) refers to a broad class of devices used by business entities as well as consumers to provide or consume a broad array of services. All these devices share the need to connect to the internet to deliver their native functionality. This connection requirement exposes the devices to the cybersecurity threats found on the internet. Existing literature on IoT cybersecurity solution models has shown that different technologies, such as communication technologies, mobile-app based authorization frameworks, graph-theoretic approaches or blockchain technologies, have mainly been proposed to solve IoT security issues. However, these studies focus only on specific IoT security issues, such as data theft, or on security issues at a specific layer of the IoT architecture. Therefore, there is a lack of a systematic framework for solving IoT cybersecurity issues. This paper presents a framework for assessing such risks. In the qualitative analysis results, the device threats seem more severe than data confidentiality and privacy issues. This surprising finding highlights the significance of security taxonomy, because both issues are based on different technical requirements. Our study has important managerial and practical implications for users, managers, and policymakers.
Assessing the Cybersecurity Risks Associated with the Internet of Things (IoT) Devices
Mikailalsys Journal of Advanced Engineering International, 2024
The rapid rise of the Internet of Things (IoT) in our daily lives has brought significant cybersecurity concerns to the forefront, emphasizing the need for both active and proactive measures. This research provides a comprehensive review of the literature on the cybersecurity challenges and threats faced by various IoT devices. It outlines proposed solutions and structural frameworks while also exploring different methods for detecting and identifying potential threats. Additionally, it highlights research gaps within the industrial and economic sectors of IoT applications. Our findings reveal that the main issues affecting IoT systems include cybercrime and privacy violations. While Artificial Intelligence holds great promise for enhancing cybersecurity, many attacks, particularly those focused on authentication and confidentiality, are still inadequately addressed by existing solutions. This indicates a pressing need for further research and practical testing of the recommended defenses.
Cyber Risk Management for the Internet of Things
2019
The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. IoT risk is not included in the cyber security assessment standards and hence is often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. The outcome of such a self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for a company integrating IoT devices and/or services. Defining a high-level potential target state is followed by a high-level transformation roadmap, describing how a company can achieve th...
Security Risk Assessment in Internet of Things Systems
IT Professional
Cyber-Risks in the Industrial Internet of Things (IIoT): Towards a Method for Continuous Assessment
Lecture Notes in Computer Science, 2018
Continuous risk monitoring is considered in the context of cybersecurity management for the Industrial Internet-of-Things. Cyber-risk management best practice is for security controls to be deployed and configured in order to bring down risk exposure to an acceptable level. However, threats and known vulnerabilities are subject to change, and estimates of risk are subject to many uncertainties, so it is important to review risk assessments and update controls when required. Risks are typically reviewed periodically (e.g. once per month), but the accelerating pace of change means that this approach is not sustainable, and there is a requirement for continuous monitoring of cybersecurity risks. The method described in this paper aims to alert security staff to significant changes or trends in estimated risk exposure to facilitate rational and timely decisions. Additionally, it helps predict the success and impact of a nascent security breach, allowing better prioritisation of threats and selection of appropriate responses. The method is illustrated using a scenario based on environmental control in a data centre.
2019
In this paper we present an understanding of cyber risks in the Internet of Things (IoT), we explain why it is important to understand what IoT cyber risks are and how we can use risk assessment and risk management approaches to deal with these challenges. We introduce the most effective ways of doing Risk assessment and Risk Management of IoT risk. As part of our research, we also developed methodologies to assess and manage risk in this emerging environment. This paper will take you through our research and we will explain: what we mean by the IoT; what we mean by risk and risk in the IoT; why risk assessment and risk management are important; the IoT risk management for incident response and recovery; what open questions on IoT risk assessment and risk management remain.
Assessing risks and threats with layered approach to Internet of Things security
Measurement and Control
The Internet of Things is the next-generation Internet network created by intelligent objects with software and sensors, employed in a wide range of fields such as automotive, construction, health, textile, education and transportation. With the advent of Industry 4.0, the Internet of Things has started to be used, and it has led to the emergence of innovative business models. The processing and production capabilities of Internet of Things objects in hidden and critical data provide great advantages for the next generation of Internet. However, the integrated features of Internet of Things objects cause vulnerabilities in terms of security, making them the target of cyber threats. In this study, a security model is proposed which offers an integrated risk-based Internet of Things security approach for Internet of Things vulnerabilities, while providing detailed information about the Internet of Things and the types of attacks targeting it. In addition, in this study, the...
2019
The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT, however, do not exist. IoT risk is not included in the cyber security assessment standards and hence is often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of their IoT cyber security posture. The outcome of such a self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for a company integrating IoT devices and/or services. Defining a high-level potential target state is followed by a high-level transformation roadmap, describing how a company can achieve t...
Industrial Internet of Things vulnerabilities and threats: What stakeholders need to consider
Issues in Information Systems, 2019
The Industrial Internet of Things, or IIoT, introduces Internet-enabled devices into industrial process systems operating in the energy, transportation, healthcare, utilities, cities, agriculture, and other critical infrastructure sectors, establishing linkages between previously air-gapped information technology (IT) and operational technology (OT) networks. While the introduction of these Internet-enabled devices creates new efficiencies, improves performance, increases productivity, and increases profitability, it also introduces new security challenges and risks. IIoT is a system of systems; the architecture of a single IIoT system consists of different layers, with each layer performing a distinct function, having unique operational characteristics, and relying upon different devices and communication protocols than other layers of the system. Because of the unique characteristics of these various layers and functions, the vulnerabilities and threats associated with them also differ. Many internal stakeholders are involved in the conceptualization, planning and implementation of an organization's adoption of IIoT; while some may be experienced and knowledgeable technologists, others are not. Regardless of one's technical knowledge, recognition of the potentially catastrophic consequences of successful exploitation of those vulnerabilities necessitates at least some familiarity with security vulnerabilities and threats associated with the various IIoT layers and subsystems. The purpose of this article is to identify for IIoT stakeholders some of the vulnerabilities and threats associated with various layers and functions of an IIoT architecture and illuminate the need for a comprehensive, systematic, and layer-appropriate approach to IIoT security.