Lawrence J. Trautman,Mohammed T. Hussein,Louis Ngamassi,Mason J. Molesky

DOI: https://doi.org/10.48550/arXiv.2004.03765

2020-04-08

Abstract:Today's increasing rate of technological change results from the rapid growth in computer processing speed, when combined with the cost decline of processing capacity, and is of historical import. The daily life of billions of individuals worldwide has been forever changed by technology in just the last few years. Costly data breaches continue at an alarming rate. The challenge facing humans as they attempt to govern the process of artificial intelligence, machine learning, and the impact of billions of sensory devices connected to the Internet is the subject of this Article. We proceed in nine sections. First, we define the Internet of Things (IoT), comment on the explosive growth in sensory devices connected to the Internet, provide examples of IoT devices, and speak to the promise of the IoT. Second, we discuss legal requirements for corporate governance as a foundation for considering the challenge of governing the IoT. Third, we look at potential IoT threats. Fourth, we discuss the Mirai botnet. Fifth, is a look at the IoT threat vector vulnerabilities during times of crisis. Sixth, we discuss the Manufactured Usage Description (MUD) methodology. Seventh, is a discussion of recent regulatory developments. Next, we look at a few recommendations. And finally, we conclude. We believe this Article contributes to our understanding of the widespread exposure to malware associated with IoT and adds to the nascent but emerging literature on governance of enterprise risk, a subject of vital societal importance.

Computers and Society

Jieyu Li,Wenbo Chen

DOI: https://doi.org/10.54691/bcpbm.v25i.1752

2022-08-30

BCP Business & Management

Abstract:In the era of big data, the accelerated development of digital technology has become the leading force leading a new round of scientific and technological revolution. Manufacturing enterprises have also embarked on the journey of digital transformation. Under the digital background, the traditional risk management and control mode of enterprises is facing great challenges. As the external business environment and internal business process of the enterprise are becoming more and more complex, in the process of implementing internal control and risk management, there will be related problems such as inadequate data acquisition, low information processing efficiency and lagging information transmission. Therefore, how to find a way for enterprises to survive and develop in the context of big data is particularly important for modern enterprises to effectively avoid risks and achieve high-quality sustainable development. While enjoying the convenience brought by the big data system, enterprises also face many uncertainties. Based on the theory of internal control and risk management, this paper analyzes the defects of internal control and risk management of most enterprises in the market at present, looks for the causes of risk, and puts forward specific solutions to help enterprises improve their ability to resist risks and ensure high-quality and sustainable development.

Brennecke, Martin,Fridgen, Gilbert,Radszuwill, Sven,Sedlmeir, Johannes

DOI: https://doi.org/10.1007/s10796-024-10511-z

2024-08-25

Information Systems Frontiers

Abstract:In the Internet of Things (IoT), interconnected smart things enable new products and services in cyber-physical systems. Yet, smart things not only inherit information technology (IT) security risks from their digital components, but they may also aggravate them through the use of technology platforms (TPs). In the context of the IoT, TPs describe a tangible (e.g., hardware) or intangible (e.g., software and standards) general-purpose technology that is shared between different models of smart things. While TPs are evolving rapidly owing to their functional and economic benefits, this is partly to the detriment of security, as several recent IoT security incidents demonstrate. We address this problem by formalizing the situation's dynamics with an established risk quantification approach from platforms in the automotive industry, namely a Bernoulli mixture model. We outline and discuss the implications of relevant parameters for security risks of TP use in the IoT, i.e., correlation and heterogeneity, vulnerability probability and conformity costs, exploit probability and non-conformity costs, as well as TP connectivity. We argue that these parameters should be considered in IoT governance decisions and delineate prescriptive governance implications, identifying potential counter-measures at the individual, organizational, and regulatory levels.

computer science, information systems, theory & methods

Ioannis Argyriou,Theocharis Tsoutsos

DOI: https://doi.org/10.3390/jmse12091593

IF: 2.744

2024-09-09

Journal of Marine Science and Engineering

Abstract:Integrating Internet of Things (IoT) devices into port operations has brought substantial improvements in efficiency, automation, and connectivity. However, this technological advancement has also introduced new operational risks, particularly in terms of cybersecurity vulnerabilities and potential disruptions. The primary objective of this scientific article is to comprehensively analyze and identify the primary security threats and vulnerabilities that IoT devices face when deployed in port environments. This includes examining potential risks, such as unauthorized access, cyberattacks, malware, etc., that could disrupt critical port operations and compromise sensitive information. This research aims to assess the critical entities associated with IoT devices in port environments and develop a comprehensive risk-management framework tailored to these settings. It also aims to explore and propose strategic measures and best practices to mitigate these risks. For this research, a risk-management framework grounded in the principles of ORM, which includes risk avoidance, reduction, sharing, and retention strategies, was developed. The primary outcome of this research is the development of a comprehensive risk-management framework specifically tailored for IoT devices in port environments, utilizing Operational Risk-Management (ORM) methodology. This framework will systematically identify and categorize critical vulnerabilities and potential threats for IoT devices. By addressing these objectives, the article seeks to provide actionable insights and guidelines that can be adopted by port authorities and stakeholders to safeguard their IoT infrastructure and maintain operational stability in the face of emerging threats.

oceanography,engineering, marine, ocean

Petar Radanliev,David De Roure,Max Van Kleek,Uchenna Ani,Pete Burnap,Eirini Anthi,Jason R. C. Nurse,Omar Santos,Rafael Mantilla Montalvo,LaTreall Maddox

DOI: https://doi.org/10.1007/s10669-020-09792-x

2020-11-24

Abstract:The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

Cryptography and Security,Computers and Society

Jiajie Ling,Siwei Miao,Xiaojuan Zhang,Changyu Chen,Cheng Peng,Quanyuan Jiang

DOI: https://doi.org/10.1109/ei250167.2020.9346941

2020-01-01

Abstract:With the accelerating development of the Internet of Things (IoT), its applications in power system are gradually becoming various and comphcated, followed by the diversity of relevant technical requirements. In order to identify the characteristics of these requirements of IoT in power system, this paper proposes a refined characterization approach to define, classify and summarize them from three different aspects, namely, performance-criticaL security-critical and reachability critical. In multiple IoT enabled apphcation scenarios, performance-critical index and security-critical index mainly focus on data transmission and calculation, while reachability-critical index focuses on the communication coverage and quality of service, which creates a new perspective to characterize power system IoT applications and their technical requirements.

In Lee

DOI: https://doi.org/10.3390/fi12090157

2020-09-18

Future Internet

Abstract:Along with the growing threat of cyberattacks, cybersecurity has become one of the most important areas of the Internet of Things (IoT). The purpose of IoT cybersecurity is to reduce cybersecurity risk for organizations and users through the protection of IoT assets and privacy. New cybersecurity technologies and tools provide potential for better IoT security management. However, there is a lack of effective IoT cyber risk management frameworks for managers. This paper reviews IoT cybersecurity technologies and cyber risk management frameworks. Then, this paper presents a four-layer IoT cyber risk management framework. This paper also applies a linear programming method for the allocation of financial resources to multiple IoT cybersecurity projects. An illustration is provided as a proof of concept.

Jason R. C. Nurse,Sadie Creese,David De Roure

DOI: https://doi.org/10.48550/arXiv.1811.03290

2018-11-08

Cryptography and Security

Abstract:Information security risk assessment methods have served us well over the past two decades. They have provided a tool for organizations and governments to use in protecting themselves against pertinent risks. As the complexity, pervasiveness, and automation of technology systems increases and cyberspace matures, particularly with the Internet of Things (IoT), there is a strong argument that we will need new approaches to assess risk and build trust. The challenge with simply extending existing assessment methodologies to IoT systems is that we could be blind to new risks arising in such ecosystems. These risks could be related to the high degrees of connectivity present or the coupling of digital, cyber-physical, and social systems. This article makes the case for new methodologies to assess risk in this context that consider the dynamics and uniqueness of the IoT while maintaining the rigor of best practice in risk assessment.

Dapeng Zheng

DOI: https://doi.org/10.1155/2022/5234027

2022-06-03

Wireless Communications and Mobile Computing

Abstract:Corporate governance structure is a subject of great theoretical and practical significance, especially the impact of board characteristics on corporate performance, which has been the focus of scholars' attention. However, due to the particularity of China's commercial institutions, especially the state-owned commercial institutions in the transition economy, which have a strong government-led color in system, commercial institutions mainly rely on strengthening the governance of the board of directors to improve the effectiveness of their internal governance. Based on the basic principles of the Internet of Things (IOT) business environment, this paper divides the architecture of multiple IOT perception system into perception domain and business domain. This paper studies the development mode of the economic and business perception system stage of the Internet of Things: the primary stage, the growth and maturity stage, and the integration stage. Strengthen the establishment of an independent director system, create an environment in which independent directors exercise full power, strengthen penalties for violations of directors, strengthen the integrity of directors, and establish a scientific and reasonable board evaluation mechanism. The effective operation of enterprises is based on the perfect market rules and a good market order. The reform of state-owned enterprises with the core of establishing a modern enterprise system and improving corporate governance structure must be carried out simultaneously with the construction of market systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abasi-amefon Obot Affia,Hilary Finch,Woosub Jung,Issah Abubakari Samori,Lucas Potter,Xavier-Lewis Palmer

DOI: https://doi.org/10.3390/iot4020009

2023-05-25

IoT

Abstract:The concept of the Internet of Things (IoT) spans decades, and the same can be said for its inclusion in healthcare. The IoT is an attractive target in medicine; it offers considerable potential in expanding care. However, the application of the IoT in healthcare is fraught with an array of challenges, and also, through it, numerous vulnerabilities that translate to wider attack surfaces and deeper degrees of damage possible to both consumers and their confidence within health systems, as a result of patient-specific data being available to access. Further, when IoT health devices (IoTHDs) are developed, a diverse range of attacks are possible. To understand the risks in this new landscape, it is important to understand the architecture of IoTHDs, operations, and the social dynamics that may govern their interactions. This paper aims to document and create a map regarding IoTHDs, lay the groundwork for better understanding security risks in emerging IoTHD modalities through a multi-layer approach, and suggest means for improved governance and interaction. We also discuss technological innovations expected to set the stage for novel exploits leading into the middle and latter parts of the 21st century.

Ievgeniia Kuzminykh,Bogdan Ghita,Jose M. Such

DOI: https://doi.org/10.1007/978-3-030-97777-1_5

2020-12-07

Abstract:Many companies consider IoT as a central element for increasing competitiveness. Despite the growing number of cyberattacks on IoT devices and the importance of IoT security, no study has yet primarily focused on the impact of IoT security measures on the security challenges. This paper presents a review of the current state of security of IoT in companies that produce IoT products and have begun a transformation towards the digitalization of their products and the associated production processes. The analysis of challenges in IoT security was conducted based on the review of resources and reports on IoT security, while mapping the relevant solutions/measures for strengthening security to the existing challenges. This mapping assists stakeholders in understanding the IoT security initiatives regarding their business needs and issues. Based on the analysis, we conclude that almost all companies have an understanding of basic security measures as encryption, but do not understand threat surface and not aware of advanced methods of protecting data and devices. The analysis shows that most companies do not have internal experts in IoT security and prefer to outsource security operations to security providers.

Cryptography and Security

Jason R.C. Nurse,Petar Radanliev,Sadie Creese,David De Roure

DOI: https://doi.org/10.1049/cp.2018.0001

2018-06-28

Abstract:Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Lijun Wei,Yuhan Yang,Jing Wu,Chengnian Long,Bo Li

DOI: https://doi.org/10.1109/jiot.2021.3139989

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Driven by the rapid development of the Internet of Things (IoT) technology, the issue of trust has become increasingly apparent and received considerable scholarly attention in recent years. With the occurrence of various security incidents, data leakage accidents, and service fraud, which seriously affects the quality of service and system efficiency of IoT, trust is fast becoming a key issue in IoT system. In addition to the security and efficiency, trust further contains the reliability, attack resistance, fairness, flexibility, and incentive, resulting in a wide range of new researches from the trust management framework to the quantification method. In this work, various dimensions of trust, including definition, composition, aggregation, and computation are introduced and analyzed. We focus on comprehensive comparison of the state-of-the-art trust management researches and the related applications. Besides, we explore and discuss the important challenges, including performance bottleneck, bidirectional trust, dynamic changes of context, privacy preserving, and cross-domain issue. Some potential enabling technologies for trust management are further analyzed. The objective of this article is to comprehend the trust issue and the composition of trust management in IoT, and illustrate the difference of existing work, thereby motivating further research interest in this field.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai-Chih Chang,Haoran Niu,Brian Kim,Suzanne Barber

DOI: https://doi.org/10.3390/e26070561

2024-06-29

Abstract:A user's devices such as their phone and computer are constantly bombarded by IoT devices and associated applications seeking connection to the user's devices. These IoT devices may or may not seek explicit user consent, thus leaving the users completely unaware the IoT device is collecting, using, and/or sharing their personal data or, only marginal informed, if the user consented to the connecting IoT device but did not read the associated privacy policies. Privacy policies are intended to inform users of what personally identifiable information (PII) data will be collected about them and the policies about how those PII data will be used and shared. This paper presents novel tools and the underlying algorithms employed by the Personal Privacy Assistant app (UTCID PPA) developed by the University of Texas at Austin Center for Identity to inform users of IoT devices seeking to connect to their devices and to notify those users of potential privacy risks posed by the respective IoT device. The assessment of these privacy risks must deal with the uncertainty associated with sharing the user's personal data. If privacy risk (R) equals the consequences (C) of an incident (i.e., personal data exposure) multiplied by the probability (P) of those consequences occurring (C × P), then efforts to control risks must seek to reduce the possible consequences of an incident as well as reduce the uncertainty of the incident and its consequences occurring. This research classifies risk according to two parameters: expected value of the incident's consequences and uncertainty (entropy) of those consequences. This research calculates the entropy of the privacy incident consequences by evaluating: (1) the data sharing policies governing the IoT resource and (2) the type of personal data exposed. The data sharing policies of an IoT resource are scored by the UTCID PrivacyCheck™, which uses machine learning to read and score the IoT resource privacy policies against metrics set forth by best practices and international regulations. The UTCID Identity Ecosystem uses empirical identity theft and fraud cases to assess the entropy of privacy incident consequences involving a specific type of personal data, such as name, address, Social Security number, fingerprint, and user location. By understanding the entropy of a privacy incident posed by a given IoT resource seeking to connect to a user's device, UTCID PPA offers actionable recommendations enhancing the user's control over IoT connections, interactions, their personal data, and, ultimately, user-centric privacy control.

Bo Yan,Xinni Wang,Ping Shi

DOI: https://doi.org/10.1080/03031853.2017.1284680

2017-01-02

Agrekon

Abstract:The Internet of Things (IoT) has enhanced the value of agricultural supply chains and reduced traditional risks. However, new risks to the agricultural supply chain have emerged in the IoT era. The risks in the agricultural supply chain under IoT, including risks related to perception, network, and application layers, are summarised in this paper. The ordered weighted averaging operator is utilised to quantitatively evaluate and sort these risks. Subsequently, the supply chain risk diffusion convergence model is used to identify the quantitative indicators that can measure risk fluctuations in the agricultural supply chain according to the risk assessment results. Finally, measures for risk management are proposed according to the results derived through the quantitative model for the agricultural supply chain under IoT.

agricultural economics & policy

Petar Radanliev,David C. De Roure,Jason R. C. Nurse,Rafael Mantilla Montalvo,Stacy Cannady,Omar Santos,La’Treall Maddox,Peter Burnap,Carsten Maple

DOI: https://doi.org/10.1007/s42452-019-1931-0

2020-01-08

SN Applied Sciences

Abstract:Abstract In this research article, we explore the use of a design process for adapting existing cyber risk assessment standards to allow the calculation of economic impact from IoT cyber risk. The paper presents a new model that includes a design process with new risk assessment vectors, specific for IoT cyber risk. To design new risk assessment vectors for IoT, the study applied a range of methodologies, including literature review, empirical study and comparative study, followed by theoretical analysis and grounded theory. An epistemological framework emerges from applying the constructivist grounded theory methodology to draw on knowledge from existing cyber risk frameworks, models and methodologies. This framework presents the current gaps in cyber risk standards and policies, and defines the design principles of future cyber risk impact assessment. The core contribution of the article therefore, being the presentation of a new model for impact assessment of IoT cyber risk.

English Else

Kwesi Hughes-Lartey,Meng Li,Francis E. Botchey,Zhen Qin

DOI: https://doi.org/10.1016/j.heliyon.2021.e06522

IF: 3.776

2021-01-01

Heliyon

Abstract:Internet of Things (IoT) presents opportunities for designing new technologies for organizations. Many organizations are beginning to accept these technologies for their daily work, where employees can be connected, both on the organization's premises and the "outside", for business continuity. However, organizations continue to experience data breach incidents. Even though there is a plethora of researches in Information Security, there "seems" to be little or lack of interest from the research community, when it comes to human factors and its relationship to data breach incidents. The focus is usually on the technological component of Information Technology systems. Regardless of any technological solutions introduced, human factors continue to be an area that lacks the required attention. Making the assumption that people will follow expected secure behavioral patterns and therefore system security expectations will be satisfied, may not necessarily be true. Security is not something that can simply be purchased; human factors will always prove to be an important space to explore. Hence, human factors are without a doubt a critical point in Information Security. In this study, we propose an Organizational Information Security Framework For Human Factors applicable to the Internet of Things, which includes countermeasures that can help prevent or reduce data breach incidents as a result of human factors. Using linear regression on data breach incidents reported in the United States of America from 2009 to 2017, the study validates human factors as a weak-point in information security that can be extended to Internet of Things by predicting the relationship between human factors and data breach incidents, and the strength of these relationships. Our results show that five breach incidents out of the seven typified human factors to statistically and significantly predict data breach incidents. Furthermore, the results also show a positive correlation between human factors and these data breach incidents.

Kaushik Ragothaman,Yong Wang,Bhaskar Rimal,Mark Lawrence

DOI: https://doi.org/10.3390/s23041805

2023-02-06

Abstract:Internet of Things (IoT) provides a wide range of services in domestic and industrial environments. Access control plays a crucial role in granting access rights to users and devices when an IoT device is connected to a network. However, many challenges exist in designing and implementing an ideal access control solution for the IoT due to the characteristics of the IoT including but not limited to the variety of the IoT devices, the resource constraints on the IoT devices, and the heterogeneous nature of the IoT. This paper conducts a comprehensive survey on access control in the IoT, including access control requirements, authorization architecture, access control models, access control policies, access control research challenges, and future directions. It identifies and summarizes key access control requirements in the IoT. The paper further evaluates the existing access control models to fulfill the access control requirements. Access control decisions are governed by access control policies. The existing approaches on dynamic policies' specification are reviewed. The challenges faced by the existing solutions for policies' specification are highlighted. Finally, the paper presents the research challenges and future directions of access control in the IoT. Due to the variety of IoT applications, there is no one-size-fits-all solution for access control in the IoT. Despite the challenges encountered in designing and implementing the access control in the IoT, it is desired to have an access control solution to meet all the identified requirements to secure the IoT.

Jing Gao,Yuhui Sun,Rameez Rameezdeen,Christopher Chow

DOI: https://doi.org/10.1080/03088839.2022.2155318

2022-12-12

Abstract:Maritime shipping is considered the backbone of the global supply chain. It is expected that future fully automated smart ports will be data-driven, harvesting power from advanced analytics and artificial intelligence. Under the hood, Internet of Things (IoT) technologies are considered as an enabling foundation of new data sources for innovations and high-level automation. Thus, enterprise data management becomes critical when implementing IoT projects. However, the implementation of data management needs to be governed. Although the IoT adoption in smart ports receives significant interest from the port authority, the effectiveness of the IoT adoption lacks proper evaluation and support of comprehensive data management policy and guidelines. By using the systematic literature review and a case study to analyze the current gaps in IoT data governance research, this research shows that IoT data governance still needs to catch up in smart ports. In particular, compared to other industries, data lifecycle management and data quality management are two key data governance areas that should receive increasing attention from the port authorities. It is believed that with adequate data governance, smart ports can truly harvest the power of IoT to improve operational efficiency and sustainability with an increasing level of automation.

transportation

Nan Zhang,Soteris Demetriou,Xianghang Mi,Wenrui Diao,Kan Yuan,Peiyuan Zong,Feng Qian,XiaoFeng Wang,Kai Chen,Yuan Tian,Carl A. Gunter,Kehuan Zhang,Patrick Tague,Yue-Hsun Lin

DOI: https://doi.org/10.48550/arXiv.1703.09809

2017-03-29

Abstract:Inspired by the boom of the consumer IoT market, many device manufacturers, start-up companies and technology giants have jumped into the space. Unfortunately, the exciting utility and rapid marketization of IoT, come at the expense of privacy and security. Industry reports and academic work have revealed many attacks on IoT systems, resulting in privacy leakage, property loss and large-scale availability problems. To mitigate such threats, a few solutions have been proposed. However, it is still less clear what are the impacts they can have on the IoT ecosystem. In this work, we aim to perform a comprehensive study on reported attacks and defenses in the realm of IoT aiming to find out what we know, where the current studies fall short and how to move forward. To this end, we first build a toolkit that searches through massive amount of online data using semantic analysis to identify over 3000 IoT-related articles. Further, by clustering such collected data using machine learning technologies, we are able to compare academic views with the findings from industry and other sources, in an attempt to understand the gaps between them, the trend of the IoT security risks and new problems that need further attention. We systemize this process, by proposing a taxonomy for the IoT ecosystem and organizing IoT security into five problem areas. We use this taxonomy as a beacon to assess each IoT work across a number of properties we define. Our assessment reveals that relevant security and privacy problems are far from solved. We discuss how each proposed solution can be applied to a problem area and highlight their strengths, assumptions and constraints. We stress the need for a security framework for IoT vendors and discuss the trend of shifting security liability to external or centralized entities. We also identify open research problems and provide suggestions towards a secure IoT ecosystem.

Cryptography and Security