24 research outputs found

    Future developments in cyber risk assessment for the internet of things

    This article is focused on the economic impact assessment of Internet of Things (IoT) and its associated cyber risks vectors and vertices – a reinterpretation of IoT verticals. We adapt to IoT both the Cyber Value at Risk model, a well-established model for measuring the maximum possible loss over a given time period, and the MicroMort model, a widely used model for predicting uncertainty through units of mortality risk. The resulting new IoT MicroMort for calculating IoT risk is tested and validated with real data from the BullGuard's IoT Scanner (over 310,000 scans) and the Gartner report on IoT connected devices. Two calculations are developed, the current state of IoT cyber risk and the future forecasts of IoT cyber risk. Our work therefore advances the efforts of integrating cyber risk impact assessments and offers a better understanding of economic impact assessment for IoT cyber risk

    Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

    The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

    Methodology for Designing Decision Support Systems for Visualising and Mitigating Supply Chain Cyber Risk from IoT Technologies

    This paper proposes a methodology for designing decision support systems for visualising and mitigating the Internet of Things cyber risks. Digital technologies present new cyber risk in the supply chain which are often not visible to companies participating in the supply chains. This study investigates how the Internet of Things cyber risks can be visualised and mitigated in the process of designing business and supply chain strategies. The emerging DSS methodology presents new findings on how digital technologies affect business and supply chain systems. Through epistemological analysis, the article derives with a decision support system for visualising supply chain cyber risk from Internet of Things digital technologies. Such methods do not exist at present and this represents the first attempt to devise a decision support system that would enable practitioners to develop a step by step process for visualising, assessing and mitigating the emerging cyber risk from IoT technologies on shared infrastructure in legacy supply chain systems

    Explainable AI methods in cyber risk management

    Artificial intelligence (AI) methods are becoming widespread, especially when data are not sufficient to build classical statistical models, as is the case for cyber risk management. However, when applied to regulated industries, such as energy, finance, and health, AI methods lack explainability. Authorities aimed at validating machine learning models in regulated fields will not consider black‐box models, unless they are supplemented with further methods that explain why certain predictions have been obtained, and which are the variables that mostly concur to such predictions. Recently, Shapley values have been introduced for this purpose: They are model agnostic, and powerful, but are not normalized and, therefore, cannot become a standardized procedure. In this paper, we provide an explainable AI model that embeds Shapley values with a statistical normalization, based on Lorenz Zonoids, particularly suited for ordinal measurement variables that can be obtained to assess cyber risk

    IoT: The Revolutionary Tech And Its Challenges In The Modern Technological Landscape


    IOT Devices in Healthcare: Vulnerabilities, Threats and Mitigations

    Internet of things has been a dream for many people in the beginning of the internet, today IOT devices are in every sector, healthcare being a major player because of the benefits as quality care for patients and easing the work for providers but on the other hand, it poses security threats to the patients and organizations, it is imperative to point out the best way to balance between the risks and opportunities that IOT creates for the sector; in this research, vulnerabilities and prior studies as well as ways to fix these weaknesses will be presented, it is also worth noting that due to the length of IOT vulnerabilities, the common ones will be discussed

    Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge

    The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

    Cyber Security Framework for the Internet-of-Things in Industry 4.0

    This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is a strong interest in industry and academia to standardise existing cyber risk frameworks, models and methodologies, an attempt to combine these approaches has not been done until present. We apply the grounded theory approach to derive with integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk

    Obstacle Detection And Navigation System For Visually Impaired

    There are many tools developed for blind people nowadays, but most of them have limited detection range and cannot be monitored wirelessly. This thesis discusses an electronic navigation system (END), which is designed for visually impaired people. The END is developed to have better detection range and angle with the feature of Internet of Things (IOT). Three ultrasonic sensors are proposed to detect obstacles. The distance between obstacle and the sensor is measured. The error of distance given by the system is calculated in order to see the performance of the system. The performance of three ultrasonic sensors versus one ultrasonic and the optimum distance between the sensors are investigated in this project. The movement of the visually impaired person can be monitored wirelessly and the operator can give instruction to the visually impaired person through speaker. For streaming the voice between the visually impaired person and system operator or vice versa, the Mumble VoIP is used. Arduino DUE is used to control the ultrasonic sensors. Signals received from the ultrasonic sensors are sent wirelessly to Raspberry Pi 3 controller by the use of Bluetooth module. The latitude and longitude of the user are provided by the GPS module where this data can be accessed in a log file and can be used for further processing by accessing the cloud database. Results show that the system is successfully developed and the latitude and longitude of the location can be viewed in log file. Three sensors give the best result, with the detection angle increased by 125% compared to 1 sensor. With 5% or less detection error, the optimum distance between the sensors is 1 cm and the maximum distance that it can measure is 420 cm

    Cyber Security Framework for the Internet-of-Things in Industry 4.0

    This research article reports the results of a qualitative case study that correlates academic literature with five Industry 4.0 cyber trends, seven cyber risk frameworks and two cyber risk models. While there is a strong interest in industry and academia to standardise existing cyber risk frameworks, models and methodologies, an attempt to combine these approaches has not been done until present. We apply the grounded theory approach to derive with integration criteria for the reviewed frameworks, models and methodologies. Then, we propose a new architecture for the integration of the reviewed frameworks, models and methodologies. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of a holistic economic impact assessment model for IoT cyber risk