Printed from https://ideas.repec.org/a/spr/envsyd/v41y2021i2d10.1007_s10669-020-09792-x.html

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge

Author

Listed:
  • Petar Radanliev (University of Oxford)
  • David Roure (University of Oxford)
  • Max Kleek (University of Oxford)
  • Uchenna Ani (University College London)
  • Pete Burnap (Cardiff University)
  • Eirini Anthi (Cardiff University)
  • Jason R. C. Nurse (University of Kent)
  • Omar Santos (Cisco Research Centre)
  • Rafael Mantilla Montalvo (Cisco Research Centre)
  • La’Treall Maddox (Cisco Research Centre)

Abstract

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

Suggested Citation

  • Petar Radanliev & David Roure & Max Kleek & Uchenna Ani & Pete Burnap & Eirini Anthi & Jason R. C. Nurse & Omar Santos & Rafael Mantilla Montalvo & La’Treall Maddox, 2021. "Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge," Environment Systems and Decisions, Springer, vol. 41(2), pages 236-247, June.
  • Handle: RePEc:spr:envsyd:v:41:y:2021:i:2:d:10.1007_s10669-020-09792-x
    DOI: 10.1007/s10669-020-09792-x

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-020-09792-x
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.


    References listed on IDEAS

    1. Setola, Roberto & De Porcellinis, Stefano & Sforna, Marino, 2009. "Critical infrastructure dependency assessment using the input–output inoperability model," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(4), pages 170-178.
    2. Stergiopoulos, George & Kotzanikolaou, Panayiotis & Theocharidou, Marianthi & Lykou, Georgia & Gritzalis, Dimitris, 2016. "Time-based critical infrastructure dependency analysis for large-scale and cross-sectoral failures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 12(C), pages 46-60.
    3. Zhang, Pengcheng & Peeta, Srinivas, 2011. "A generalized modeling framework to analyze interdependencies among infrastructure systems," Transportation Research Part B: Methodological, Elsevier, vol. 45(3), pages 553-579, March.
    4. Laugé, Ana & Hernantes, Josune & Sarriegi, Jose M., 2015. "Critical infrastructure dependencies: A holistic, dynamic and quantitative approach," International Journal of Critical Infrastructure Protection, Elsevier, vol. 8(C), pages 16-23.
    5. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.
    6. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    7. Saini Das & Arunabha Mukhopadhyay & Debashis Saha & Samir Sadhukhan, 2019. "A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs," Information Systems Frontiers, Springer, vol. 21(5), pages 959-977, October.
    8. Radanliev, Petar & De Roure, David & Nicolescu, Razvan & Huth, Michael & Mantilla Montalvo, Rafael & Cannady, Stacy & Burnap, Peter, 2018. "Future developments in cyber risk assessment for the internet of things," MPRA Paper 92567, University Library of Munich, Germany, revised Sep 2018.
    9. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    10. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.

    Citations



    Cited by:

    1. Zachary A. Collier & James H. Lambert & Igor Linkov, 2021. "Algorithms and models for decision making in advanced technology systems," Environment Systems and Decisions, Springer, vol. 41(2), pages 179-180, June.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    2. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    3. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    4. Zenonas Turskis & Nikolaj Goranin & Assel Nurusheva & Seilkhan Boranbayev, 2019. "A Fuzzy WASPAS-Based Approach to Determine Critical Information Infrastructures of EU Sustainable Development," Sustainability, MDPI, vol. 11(2), pages 1-25, January.
    5. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    6. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    7. Harašta, Jakub, 2018. "Legally critical: Defining critical infrastructure in an interconnected world," International Journal of Critical Infrastructure Protection, Elsevier, vol. 21(C), pages 47-56.
    8. Radanliev, Petar & De Roure, David & R.C. Nurse, Jason & Burnap, Pete & Anthi, Eirini & Ani, Uchenna & Maddox, La’Treall & Santos, Omar & Mantilla Montalvo, Rafael, 2019. "Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardization of Regulations, Risk Maturity, Strategy Design and Impact Assessment," MPRA Paper 92569, University Library of Munich, Germany.
    9. Fang, Zhixiang & Shaw, Shih-Lung & Tu, Wei & Li, Qingquan & Li, Yuguang, 2012. "Spatiotemporal analysis of critical transportation links based on time geographic concepts: a case study of critical bridges in Wuhan, China," Journal of Transport Geography, Elsevier, vol. 23(C), pages 44-59.
    10. Linn Svegrup & Jonas Johansson & Henrik Hassel, 2019. "Integration of Critical Infrastructure and Societal Consequence Models: Impact on Swedish Power System Mitigation Decisions," Risk Analysis, John Wiley & Sons, vol. 39(9), pages 1970-1996, September.
    11. David Rios Insua & Aitor Couce‐Vieira & Jose A. Rubio & Wolter Pieters & Katsiaryna Labunets & Daniel G. Rasines, 2021. "An Adversarial Risk Analysis Framework for Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 41(1), pages 16-36, January.
    12. Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
    13. Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.
    14. Klein, Peter & Klein, Fabian, 2019. "Dynamics of interdependent critical infrastructures – A mathematical model with unexpected results," International Journal of Critical Infrastructure Protection, Elsevier, vol. 24(C), pages 69-77.
    15. Mateusz Iwo Dubaniowski & Hans R. Heinimann, 2020. "A framework for modeling interdependencies among households, businesses, and infrastructure systems; and their response to disruptions," Papers 2006.05678, arXiv.org.
    16. Lam, C.Y. & Tai, K., 2018. "Modeling infrastructure interdependencies by integrating network and fuzzy set theory," International Journal of Critical Infrastructure Protection, Elsevier, vol. 22(C), pages 51-61.
    17. Chopra, Shauhrat S. & Khanna, Vikas, 2015. "Interconnectedness and interdependencies of critical infrastructures in the US economy: Implications for resilience," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 436(C), pages 865-877.
    18. Martin (Dae Youp) Kang & Anat Hovav, 2020. "Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation," Information Systems Frontiers, Springer, vol. 22(1), pages 221-242, February.
    19. Sellevåg, Stig Rune, 2021. "Changes in inoperability for interdependent industry sectors in Norway from 2012 to 2017," International Journal of Critical Infrastructure Protection, Elsevier, vol. 32(C).
    20. Hernandez-Fajardo, Isaac & Dueñas-Osorio, Leonardo, 2013. "Probabilistic study of cascading failures in complex interdependent lifeline systems," Reliability Engineering and System Safety, Elsevier, vol. 111(C), pages 260-272.
