Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda-Reference-Cited by-同舟云学术

Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda

Published:2022-12-05 Issue:4 Volume:3 Page:1-27
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats

Author:

Axon Louise¹,Fletcher Katherine¹,Scott Arianna Schuler¹,Stolz Marcel¹,Hannigan Robert¹,Kaafarani Ali El¹,Goldsmith Michael¹,Creese Sadie¹

Affiliation:

1. University of Oxford, Oxford, UK

Abstract

Internet of Things (IoT)-enabled devices are becoming integrated into a significant and increasing proportion of critical infrastructures, changing the cybersecurity-risk landscape. Risk is being introduced to industry sectors such as transport, energy, and manufacturing, with new attack surfaces exposed and potential for increased harm. Furthermore, risk and harm arising in the Industrial IoT (IIoT) could propagate across interconnected organisations and sectors, resulting in systemic risk. Aspects of this changing risk landscape are not addressed by current cybersecurity approaches, leaving cybersecurity-capability gaps. In this article, we show how current and emerging cybersecurity needs in the IIoT align with a key industry cybersecurity standard, the NIST Cyber Security Framework. The key capability gaps emerging in the IIoT are identified based on our findings from a series of workshops with over 100 expert participants. We present a comprehensive research agenda to enable researchers to prioritise research focus to address these gaps; this research agenda covers the full lifecycle of IIoT development (design, implementation, use and decommission). Furthermore, we conclude that there is a significant gap in understanding of the nature of systemic risk, which should be a key priority if we are to develop effective solutions for cybersecurity and safety in IIoT environments.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Computer Science Applications,Hardware and Architecture,Safety Research,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3503920

Reference115 articles.

1. National Institute of Standards and Technology (NIST). 2021. Cybersecurity Framework v1.1. Retrieved January 27 2021 from https://www.nist.gov/cyberframework.

2. Center for Internet Security. 2019. CIS Controls. Retrieved January 27 2021 from https://www.cisecurity.org/controls/.

3. ISO. ISO/IEC27001Informationsecuritymanagement. Retrieved January 27 2021 from https://www.iso.org/isoiec-27001-information-security.html.

4. National Cyber Security Centre. CyberEssentials. Retrieved January 27 2021 from https://www.cyberessentials.ncsc.gov.uk/.

5. Industrial Internet Consortium. 2019. IoT security maturity model: Description and intended use. Retrieved January 27 2021 from https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_FINAL_Updated_V1.1.pdf.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Critical Review of Cybersecurity Education in the United States;Proceedings of the 55th ACM Technical Symposium on Computer Science Education V. 1;2024-03-07

2. INTERWEAVING THE STRANDS OF AI AND SOAR ONTO THE CYBERSECURITY MESH: A DEEP DIVE INTO THE CYBERSECURITY MESH AND ITS ROLE IN MODERN DIGITAL DEFENSE STRATEGIES;EDPACS;2023-07-17