Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge



Petar Radanliev¹ · David De Roure¹ · Max Van Kleek¹ · Uchenna Ani² · Pete Burnap³ · Eirini Anthi³ · Jason R. C. Nurse⁴ · Omar Santos⁵ · Rafael Mantilla Montalvo⁵ · La’Treall Maddox⁵

Accepted: 10 November 2020 © The Author(s) 2020

Abstract

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture, this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

Keywords: Functional dependency · Network-based linear dependency modelling · Internet of things · Micro-mort model · Goal-oriented approach · Transformation roadmap · Cyber risk regulations · Empirical analysis · Cyber risk self-assessment · Cyber risk target state

* Petar Radanliev

1 Oxford e-Research Centre, Department of Engineering Sciences, University of Oxford, Oxford, UK
2 STEaPP, Faculty of Engineering Science, University College London, London, UK
3 School of Computer Science and Informatics, Cardiff University, Cardiff, UK
4 School of Computing, University of Kent, Canterbury, UK
5 Cisco Research Centre, Research Triangle Park, Durham, NC, USA

1 Introduction

This study is focused on standardising the Internet of Things (IoT) risk assessments (Das et al. 2019; Miaoui and Boudriga 2019; Burnap et al. 2017; Radanliev et al. 2020a; Schatz and Bashroush 2017). The contribution of the study is a new goal-oriented dependency model, with the ability to perform dynamic real-time predictive intelligence on threat frequency and the magnitude of loss. The aim of the study is to identify a model that enables building dynamic confidence intervals and time-bound ranges with real-time data and to address two objectives: First, to identify and capture a target state for c