International Cooperation on Cyber Security for Critical Information Infrastructure Protection (Cybersecurity of the Internet of Things Hub)

Lead Research Organisation: CARDIFF UNIVERSITY
Department Name: Cardiff School of Law and Politics

Abstract

Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
 
Description To be confirmed. Unable to complete due to system error.
Exploitation Route http://To be confirmed. Unable to complete due to system error.
Sectors Digital/Communication/Information Technologies (including Software)

Government

Democracy and Justice

Security and Diplomacy

 
Description This project is in the early stages of a two year timeframe. One of the key findings so far has been that the cyber security of the Internet of Things is not discussed in much depth (if at all) at some high level intergovernmental meetings where it really should be addressed. This is worrying as the security challenges are rapidly emerging and international cooperation will be essential to mitigating against them. For this reason, one of the important impact elements stems from our efforts to begin injecting this issue into key fora such as the United Nations Group of Governmental Experts meetings (see Engagement activities for our efforts there). While we are not yet able to measure impact in this dimension, that will be an indicator of our success over the coming 12 months and will be updated in our reporting here next year.
Sector Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy
Impact Types Policy & public services

 
Description PETRAS SGP - IoT Policy Stress Test Report based on Industry and International IoT Stress-Testing Workshops for DCMS Secure by Default
Geographic Reach National 
Policy Influence Type Implementation circular/rapid advice/letter to e.g. Ministry of Health
Impact The SGP team organised two confidential workshops to stress test IoT policy changes proposed by DCMS Secure by Default. Workshops were designed in collaboration with DCMS Secure by Default and invited trusted third parties from industry and the international community. The results of the workshop were provided as policy recommendations in a confidential IoT Policy Stress Test Report to the DCMS Secure by Default team.
 
Description PETRAS SGP: DCMS IoT Secure by Design Report
Geographic Reach National 
Policy Influence Type Citation in other policy documents
Impact Our PETRAS research resulted in a report for the Department for Digital, Culture, Media & Sport. The "Summary literature review of industry recommendations and international developments on IoT security" was both cited in the Ministerial report that sets out the Government's work to help ensure the consumer "internet of things" (IoT) is secure by design, with security built in from the start. Additionally, our report was added as Annex to the Government website alongside DCMS' publication.
URL https://www.gov.uk/government/publications/secure-by-design
 
Description Postgraduate Teaching on IoT in International Security
Geographic Reach Local/Municipal/Regional 
Policy Influence Type Influenced training of practitioners or researchers
Impact We have initiated teaching at postgraduate level that introduces the cyber security of the IoT to students - many of whom have ambitions to enter the public service and the private sector that supports UK cyber security policy making. This teaching is delivered currently through a number of modules in the Masters of International Relations but we are also in the approval process for a new MSc in Global Politics and Digital Technologies that will commence in September 2017 (impact still to come).
 
Description Proposal for documentary series on IoT with BBC Radio Wales 
Organisation British Broadcasting Corporation (BBC)
Department BBC Cymru Wales
Country United Kingdom 
Sector Charity/Non Profit 
PI Contribution As a consequence of a radio interview following the Mirai IoT attack in October 2016, I worked together with a producer from BBC Radio Wales to develop a proposal for a four part documentary series on the IoT. The proposal is currently under review at the BBC and we await the outcome. My contribution involved formulating the appropriate subject matter focus and writing the intellectual content of the proposal. If the project is successful, I will co-write it with the producer.
Collaborator Contribution Sonia Mathur (BBC) and I co-wrote the proposal. If successful, she will produce the documentary series.
Impact The key outcome at this stage is the production proposal. If successful, the outcome will be 4 x 20 minute radio documentaries which will engage with a range of PETRAS projects currently underway in order to better inform society about what the future of IoT means for them.
Start Year 2016
 
Description Academic Network Presentation to the Foreign Commonwealth Office 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The content of these conversations is closed but some discussion revolved broadly around topics related to our research on the lack of discussion of IoT at the UN as well as work we have been doing on cultures of security.
Year(s) Of Engagement Activity 2017
 
Description Blog post on DCMS website 
Form Of Engagement Activity Engagement focused website, blog or social media channel
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact International cooperation is vital for Internet of Things security: Blog post on website of Department of Digital, Culture, Media and Sport explaining the international dimension of the IoT.
Year(s) Of Engagement Activity 2017
URL https://dcmsblog.uk/2017/12/international-cooperation-vital-internet-things-security/
 
Description Conference on Cyber Norms, MIT University 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact This group of global experts on cyber security policy met for the fifth time at MIT University to discuss progress and possible options for mitigating international cyber security concerns. I brought to the attention of the group the extent to which IoT security is thus far not being adequately addressed in these discussions. This draws on the preliminary findings of the project and represents an early effort to change this and bring IoT into the conversation. In an encouraging sign, several policy makers approached me after the presentation for information about the PETRAS hub research activities. Some of these will lead to collaboration.
Year(s) Of Engagement Activity 2017
 
Description Cybersecurity: "Preparing the Workforce" Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact This conference was hosted by Keio University & Sasakawa USA in Tokyo. There were over 400 policy makers, academics and industry practitioners in the audience. They were predominantly from Japan but there were also many from the region and from the US and EU. I presented on behalf of the PETRAS research hub, explaining both the research we are undertaking and also the structure of the hub. I received many questions and comments from the audience about the cyber security of the IoT.
Year(s) Of Engagement Activity 2017
URL https://www.keio.ac.jp/en/news/2017/Mar/14/48-20040/index.html
 
Description Emerging Security Challenges Working Group 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The Partnership for Peace Consortium (PfPC) of Defense Academies and Security Studies Institutes is a voluntary association of institutes of higher learning in defence and security affairs. It links over 800 defence academies and security institutes in 59 countries. The Consortium has nine study/working groups, including one on Emerging Security Challenges (ESC WG) which aims to enhance the capacity of decision makers and policy shapers to identify and respond to emerging security challenges. For this workshop, the ESC WG offered cyber security capacity building support to the government and military of Ukraine. I presented on SGP and critical infrastructure issues in the context of the IoT. Ukraine policy and military personnel responded by acknowledging that they were under-prepared and we planned for some continued contact through PETRAS.
Year(s) Of Engagement Activity 2016
 
Description Existing and future norms on international ICT infrastructure and data integrity 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact This workshop was organized around the second meeting for the 2016/17 session of the United Nations Group of Governmental Experts who focus on 'Developments in the Field of Information and Telecommunications in the Context of International Security'. This is a First Committee group that brings together government representatives and their advisors to negotiate agreed norms of responsible state behavior in cyberspace. Dr Tikk chaired the workshop and Dr Carr presented preliminary findings on the role of data integrity in the IoT and how data streams themselves could come to be viewed as critical infrastructure or even 'critical international infrastructure'.
Year(s) Of Engagement Activity 2017
URL https://www.un.org/disarmament/topics/informationsecurity/
 
Description INCS-COE Working Group on IoT Cyber Security 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact The International Cyber Security Centre of Excellence in Japan brings together policy, industry and academic colleagues from Japan, the UK and the US to develop international collaborations and outputs.
Year(s) Of Engagement Activity 2018
 
Description International Studies Association (ISA) Conference Panel on Cyber Norms 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact ISA is the primary annual meeting place for International Relations scholars. I initiated and chaired a round table on cyber norms for responsible state behavior in cyberspace. My own contribution was to highlight the lack of engagement in academia with issues of IoT in the context of global cyber security concerns. This led to a request from a journal editor for an article based on the round table content. It also led to a request from the director of the Georgetown University International Conference on Cyber Engagement. For the first time, this conference, which is aimed at practioners, industry, academia and policy makers, will have a panel on IoT in 2017.
Year(s) Of Engagement Activity 2017
 
Description Interview on BBC Radio Wales about the Mirai IoT attack 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Public/other audiences
Results and Impact Following the first major Internet of Things attack, I was asked to explain the security challenges of the IoT on BBC Radio Wales. As a consequence, I worked with a BBC producer to develop a proposal for a four-part documentary series on the IoT. This is currently under review.
Year(s) Of Engagement Activity 2016
 
Description Live media appearance TRT World News Channel, Turkey 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact Live interview broadcast on Turkish television: Global aspects of cybersecurity
Year(s) Of Engagement Activity 2019
 
Description Multi-stakeholder Advisory Group on Internet Governance (MAGIG) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact In 2016, I was invited to join the Multi-stakeholder Advisory Group on Internet Governance (MAGIG). The group meets four or five times a year to discuss and, where appropriate, coordinate UK approaches to Internet discussions in forums such as ICANN, the ITU and the Internet Governance Forum, among others. In November 2016, the topic of discussion was the IoT and I was able to offer insights from the SGP stream based on preliminary findings and future research plans. As a consequence, several members requested follow up material and further meetings to discuss possible collaborations.
Year(s) Of Engagement Activity 2016
 
Description PETRAS SGP - Day 0 Event - Break-Out Group, Agile Governance 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Delivered a Break-Out Session on "Agile Governance" following a presentation by the World Economic Forum as part of the "Governance and Policy Cooperation on the Cyber Security of IoT" Day 0 Event in London. The session involved a structured exercise in the course of which participants from various sectors and backgrounds had to think of ways to connect policymakers with technologists.
Year(s) Of Engagement Activity 2018
 
Description PETRAS SGP - Engagement with Cyber Security Skills Unit of DCMS, 26 July 2017 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Policymakers/politicians
Results and Impact SGP representatives Leonie Tanczer and Madeline Carr met with a member of the Cyber Security Skills Unit of DCMS to discuss potential collaboration and support for DCMS' future activities on IoT and cultures of security.
Year(s) Of Engagement Activity 2017
 
Description PETRAS SGP - Panelist at PETRAS IoT Bi-Annual Conference, "Secure and Resilient Economy" Panel 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Presented SGP research on IoT standards.
Year(s) Of Engagement Activity 2017
 
Description PETRAS SGP - Panelist at Royal Society Conference "Internet of Things: Opportunities and Threats" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Presented SGP research on IoT security standards and challenges to current regulatory frameworks.
Year(s) Of Engagement Activity 2017
URL https://royalsociety.org/~/media/events/2017/10/tof-iot/iot-conference%20report-final.pdf
 
Description PETRAS SGP: "IoT Consent Workshop" with Pinsent Masons, 25 July 2017 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Professional Practitioners
Results and Impact THE SGP Stream (Madeline Carr, Leonie Tanczer, Irina Brass) together with other PETRAS researchers (Carsten Maple) coordinated a workshop on consent with the international law firm and PETRAS user partner Pinsent Masons. The results of the workshop influenced the development of a White Paper that should result in a peer-reviewed academic publication.
Year(s) Of Engagement Activity 2017
 
Description PETRAS SGP: Roundtable at the International Studies Association (ISA) Annual Convention 2017, Baltimore 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Dr Leonie Maria Tanczer was organiser and part of three roundtables at the International Studies Association. The conference has over 6500 attendees from all over the world and is the most respected and widely known scholarly association dedicated to international studies. Two of the three roundtables focused on security issues in relation to technology/IoT and included also presentations from renown scholars such as Professor Ron Deibert (CitizenLab) or Professor Didier Bigo (King's College London and at Sciences Po, Paris).
Year(s) Of Engagement Activity 2017
URL http://www.isanet.org/Conferences/Baltimore-2017
 
Description PETRAS SGP: User Engagement Secure by Default (IoT) - Europe, Data, Digital and Security Directorate / Department of Culture, Media and Sport 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Policymakers/politicians
Results and Impact Meeting with Edward Venmore-Rowland, Secure by Default (IoT) Project Manager of the Europe, Data, Digital and Security Directorate within the Department of Culture, Media and Sport. Agreed to map the IoT legislative sphere in collaboration with the Directorate.
Year(s) Of Engagement Activity 2017
 
Description Panellist: Cyberwarfare and Artificial Intelligence 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact Panel: Cyberwarfare and Artificial Intelligence at Conference "A Shifting World Order: What to Expect in 2019" held in Beirut, Lebanon.
Organised by The Carnegie Middle East Center
Year(s) Of Engagement Activity 2018
 
Description Participated in expert round-table discussion 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Invited participant on expert roundtable on Preventative Diplomacy and the Peaceful Resolution of Disputes in the Context of International Cyber Security. Discussion fed into a paper
Year(s) Of Engagement Activity 2019
 
Description Preliminary meeting for International Cybsecurity Centre of Excellence (INCS-CoE) 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact Keio University has developed an International Cyber Security Center of Excellence (INCS-CoE) and wishes to develop formal links with academic institutions in the US and UK. This workshop was to discuss the terms of engagement between institutions and to finalize the charter of the INCS-CoE.
Year(s) Of Engagement Activity 2017
URL https://www.keio.ac.jp/en/press-releases/2016/Nov/1/49-18700/
 
Description Research Alignment with the Department of Culture, Media and Sports 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The Standards, Governance and Policy Stream leads in the PETRAS project met with staff from the DCMS to discuss our mutual research agendas and to look for possible collaboration and alignment. We identified several avenues for further work together including surveying international activity on IoT SGP, possible secondment into the SGP stream, and a proposed joint workshop on further developing the 'secure by default' concept.
Year(s) Of Engagement Activity 2017
 
Description Schedule for workshop 'Facing Human Interconnections 2020-2120' International Relations Journal Centennial Special Edition workshop 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact A workshop for a special issue of International Relations journal 'Facing Human Interconnections 2020-2120'. The workshop brought contributors together to present their draft article to other academics and students. I presented the co-authored paper with Madeline Carr on the Internet of Things, Cooperation and Cybersecurity.
Year(s) Of Engagement Activity 2019
 
Description Smart Ports Summit, Hilton, Canary Wharf, London 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact A participant on the expert panel on governance and regulation of Smart Ports at the Smart Ports Summit in London on 20 February 2019
Year(s) Of Engagement Activity 2019
 
Description Smart Ports and Security: Emerging Governance Challenges in the UK Context STEaPP/UCL Research Roundtable, 8 March 2019 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact The Roundtable was co-designed to include participants from industry, lawyers, government and leading universities to ensure it addressed concrete questions about the increased use of digital technologies into ports operational systems. Using several scenarios, the Roundtable participants identified critical technical and governance challenges that the UK faces in incorporating digital technologies including the Internet of Things, Artificial Intelligence (AI) and Blockchain systems into existing operational systems. The outputs from the Roundtable will feed into ongoing research by the National and Internal Critical Infrastructure Protection project which will feed into ongoing governance policy developments taking place in the UK, especially after Brexit.
Year(s) Of Engagement Activity 2019
 
Description Track 1.5 Dialogue on Cyber Security with China 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The UK Foreign Commonwealth Office and the International Institute for Strategic Studies coordinate a Track 1.5 (mix of academics and policy makers) dialogue on cyber security with China. This group meets twice a year to further dialogue on issues that are difficult to approach on a governmental level. In November of 2016, I presented on and led the discussion on the cyber security of the Internet of Things. This allowed us to express some of the UK views on the challenges of the IoT and also to gather views from the Chinese side on behalf of the UK government. As a consequence of putting IoT on the agenda, we were introduced to counterparts in China with whom we will continue to collaborate.
Year(s) Of Engagement Activity 2016,2017
 
Description UK Delegation to the ITU Plenipot 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact I participated as a member of the UK delegation to this meeting providing support on IoT and cyber security.
Year(s) Of Engagement Activity 2018
 
Description UN Internet Governance Forum Roundtable on the Whois Database and CERTs 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Together with APNIC, we designed and hosted a panel discussion at the 2018 UN Internet Governance Forum on the changes in access for CERTs to the Whois Database under the GDPR. We engaged with ICANN, FIRST, human rights NGOs and international lawyers. As a consequence of the discussion, ICANN agreed to look at differentiated access to Whois for CERTs.
Year(s) Of Engagement Activity 2018
URL https://www.intgovforum.org/multilingual/content/igf-2018-day-3-salle-ix-ws50-who-is-collected-discl...
 
Description US - Australia Track 1.5 Dialogue on Cyber Security 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The Australian Prime Minister requested my attendance at the inaugural US-Australia Track 1.5 (policy makers, industry and academia) in Washington DC. The content of the meeting is closed but I was able to introduce the themes our research engages with and highlight the need for further focus on IoT in international cooperation on global cyber security.
Year(s) Of Engagement Activity 2016
 
Description United Nations Internet Governance Forum 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact Assessing Internet governance approaches and mechanisms and fostering inclusiveness: What are the main strengths and weaknesses of existing Internet governance approaches and mechanisms? What can be done, and by whom, to foster more inclusive Internet governance at the national, regional and international levels?
Technical Internet governance: How can the technical governance of the Internet (e.g. the development of standards and protocols, and the management of critical resources) take into account the needs and views of all stakeholders?
Additional Policy Questions Information: What are the governance challenges facing policymakers and incident responders to manage risks and build resilience when facing supply chain attacks in the IoT?
Year(s) Of Engagement Activity 2021
URL https://www.intgovforum.org/multilingual/content/igf-2021-ws-228-supply-chain-governance-and-securit...
 
Description Workshop on Cyber Risk at the ACE-CSR Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Jointly designed and delivered a workshop on emerging risks in the IoT with colleagues from Warwick University. Generated data for a report which will be circulated to all participants and which will feed into wider views about emerging risk.
Year(s) Of Engagement Activity 2018