International Cooperation on Cyber Security for Critical Information Infrastructure Protection (Cybersecurity of the Internet of Things Hub)

Lead Research Organisation: University College London
Department Name: Science, Tech, Eng and Public Policy

Abstract

Today we use many objects not normally associated with computers or the internet. These include gas meters and lights in our homes, healthcare devices, water distribution systems and cars. Increasingly, such objects are digitally connected and some are transitioning from cellular network connections (M2M) to using the internet: e.g. smart meters and cars - ultimately self-driving cars may revolutionise transport. This trend is driven by numerous forces. The connection of objects and use of their data can cut costs (e.g. allowing remote control of processes) creates new business opportunities (e.g. tailored consumer offerings), and can lead to new services (e.g. keeping older people safe in their homes).

This vision of interconnected physical objects is commonly referred to as the Internet of Things. The examples above not only illustrate the vast potential of such technology for economic and societal benefit, they also hint that such a vision comes with serious challenges and threats. For example, information from a smart meter can be used to infer when people are at home, and an autonomous car must make quick decisions of moral dimensions when faced with a child running across on a busy road. This means the Internet of Things needs to evolve in a trustworthy manner that individuals can understand and be comfortable with. It also suggests that the Internet of Things needs to be resilient against active attacks from organised crime, terror organisations or state-sponsored aggressors.

Therefore, this project creates a Hub for research, development, and translation for the Internet of Things, focussing on privacy, ethics, trust, reliability, acceptability, and security/safety: PETRAS, (also suggesting rock-solid foundations) for the Internet of Things. The Hub will be designed and run as a 'social and technological platform'. It will bring together UK academic institutions that are recognised international research leaders in this area, with users and partners from various industrial sectors, government agencies, and NGOs such as charities, to get a thorough understanding of these issues in terms of the potentially conflicting interests of private individuals, companies, and political institutions; and to become a world-leading centre for research, development, and innovation in this problem space.

Central to the Hub approach is the flexibility during the research programme to create projects that explore issues through impactful co-design with technical and social science experts and stakeholders, and to engage more widely with centres of excellence in the UK and overseas. Research themes will cut across all projects: Privacy and Trust; Safety and Security; Adoption and Acceptability; Standards, Governance, and Policy; and Harnessing Economic Value. Properly understanding the interaction of these themes is vital, and a great social, moral, and economic responsibility of the Hub in influencing tomorrow's Internet of Things. For example, a secure system that does not adequately respect privacy, or where there is the mere hint of such inadequacy, is unlikely to prove acceptable. Demonstrators, like wearable sensors in health care, will be used to explore and evaluate these research themes and their tension. New solutions are expected to come out of the majority of projects and demonstrators, many solutions will be generalisable to problems in other sectors, and all projects will produce valuable insights. A robust governance and management structure will ensure good management of the research portfolio, excellent user engagement and focussed coordination of impact from deliverables.

The Hub will further draw on the expertise, networks, and on-going projects of its members to create a cross-disciplinary language for sharing problems and solutions across research domains, industrial sectors, and government departments. This common language will enhance the outreach, development, and training activities of the Hub.

Publications

10 25 50

Related Projects

Project Reference Relationship Related To Start End Award Value
EP/N022785/1 29/02/2016 01/10/2017 £158,309
EP/N022785/2 Transfer EP/N022785/1 02/10/2017 01/09/2019 £98,484
 
Description To be confirmed. Unable to complete due to system error.

The project is in the early stages but one of the key findings to date has been that IoT security is not yet discussed with any depth at the international governmental level. While fieldwork interviews have revealed that many governments have quite considerable concerns about IoT security and its implications for critical infrastructure protection, interventions in the main fora for discussions on global cyber security still focus almost exclusively on the cyber security concerns of the past 25 years rather than looking forward to how these will be (re)shaped in the coming 25 years.

A second finding is that data streams themselves may be considered to be critical infrastructure in the future. This finding is being further developed through an investigation into the significance of data integrity in existing critical infrastructure and the extent to which the definition of UK critical infrastructure will need to be reconsidered in the future.
Exploitation Route To be confirmed. Unable to complete due to system error.

This finding forms the basis for other researchers or policy advisors to develop proposals for individual governments to inject national positions on IoT security in critical infrastructure into international organizations that discuss and debate global security.
Sectors Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy

 
Description To be confirmed. Unable to complete due to system error. This project is in the early stages of a two year timeframe. One of the key findings so far has been that the cyber security of the Internet of Things is not discussed in much depth (if at all) at some high level intergovernmental meetings where it really should be addressed. This is worrying as the security challenges are rapidly emerging and international cooperation will be essential to mitigating against them. For this reason, one of the important impact elements stems from our efforts to begin injecting this issue into key fora such as the United Nations Group of Governmental Experts meetings (see Engagement activities for our efforts there). While we are not yet able to measure impact in this dimension, that will be an indicator of our success over the coming 12 months and will be updated in our reporting here next year.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy
Impact Types Policy & public services