International Cooperation on Cyber Security for Critical Information Infrastructure Protection (Cybersecurity of the Internet of Things Hub)
Lead Research Organisation:
Cardiff University
Department Name: Cardiff School of Law and Politics
Abstract
Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
People |
ORCID iD |
| Madeline Carr (Principal Investigator) |
Publications
Lesniewska. F
(2019)
Little Book of Critical Infrastructure and the Internet of Things
Lesniewska. F
(2019)
In the Eye of a Storm: Governance of Emerging Technologies in UK Ports Post Brexit
| Description | To be confirmed. Unable to complete due to system error. |
| Exploitation Route | http://To be confirmed. Unable to complete due to system error. |
| Sectors | Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy |
| Description | This project is in the early stages of a two year timeframe. One of the key findings so far has been that the cyber security of the Internet of Things is not discussed in much depth (if at all) at some high level intergovernmental meetings where it really should be addressed. This is worrying as the security challenges are rapidly emerging and international cooperation will be essential to mitigating against them. For this reason, one of the important impact elements stems from our efforts to begin injecting this issue into key fora such as the United Nations Group of Governmental Experts meetings (see Engagement activities for our efforts there). While we are not yet able to measure impact in this dimension, that will be an indicator of our success over the coming 12 months and will be updated in our reporting here next year. |
| Sector | Digital/Communication/Information Technologies (including Software),Government, Democracy and Justice,Security and Diplomacy |
| Impact Types | Policy & public services |
| Description | PETRAS SGP - IoT Policy Stress Test Report based on Industry and International IoT Stress-Testing Workshops for DCMS Secure by Default |
| Geographic Reach | National |
| Policy Influence Type | Implementation circular/rapid advice/letter to e.g. Ministry of Health |
| Impact | The SGP team organised two confidential workshops to stress test IoT policy changes proposed by DCMS Secure by Default. Workshops were designed in collaboration with DCMS Secure by Default and invited trusted third parties from industry and the international community. The results of the workshop were provided as policy recommendations in a confidential IoT Policy Stress Test Report to the DCMS Secure by Default team. |
| Description | PETRAS SGP: DCMS IoT Secure by Design Report |
| Geographic Reach | National |
| Policy Influence Type | Citation in other policy documents |
| Impact | Our PETRAS research resulted in a report for the Department for Digital, Culture, Media & Sport. The "Summary literature review of industry recommendations and international developments on IoT security" was both cited in the Ministerial report that sets out the Government's work to help ensure the consumer "internet of things" (IoT) is secure by design, with security built in from the start. Additionally, our report was added as Annex to the Government website alongside DCMS' publication. |
| URL | https://www.gov.uk/government/publications/secure-by-design |
| Description | Postgraduate Teaching on IoT in International Security |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Influenced training of practitioners or researchers |
| Impact | We have initiated teaching at postgraduate level that introduces the cyber security of the IoT to students - many of whom have ambitions to enter the public service and the private sector that supports UK cyber security policy making. This teaching is delivered currently through a number of modules in the Masters of International Relations but we are also in the approval process for a new MSc in Global Politics and Digital Technologies that will commence in September 2017 (impact still to come). |
| Description | Proposal for documentary series on IoT with BBC Radio Wales |
| Organisation | British Broadcasting Corporation (BBC) |
| Department | BBC Cymru Wales |
| Country | United Kingdom |
| Sector | Charity/Non Profit |
| PI Contribution | As a consequence of a radio interview following the Mirai IoT attack in October 2016, I worked together with a producer from BBC Radio Wales to develop a proposal for a four part documentary series on the IoT. The proposal is currently under review at the BBC and we await the outcome. My contribution involved formulating the appropriate subject matter focus and writing the intellectual content of the proposal. If the project is successful, I will co-write it with the producer. |
| Collaborator Contribution | Sonia Mathur (BBC) and I co-wrote the proposal. If successful, she will produce the documentary series. |
| Impact | The key outcome at this stage is the production proposal. If successful, the outcome will be 4 x 20 minute radio documentaries which will engage with a range of PETRAS projects currently underway in order to better inform society about what the future of IoT means for them. |
| Start Year | 2016 |
| Description | Academic Network Presentation to the Foreign Commonwealth Office |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The content of these conversations is closed but some discussion revolved broadly around topics related to our research on the lack of discussion of IoT at the UN as well as work we have been doing on cultures of security. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Blog post on DCMS website |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | International cooperation is vital for Internet of Things security: Blog post on website of Department of Digital, Culture, Media and Sport explaining the international dimension of the IoT. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://dcmsblog.uk/2017/12/international-cooperation-vital-internet-things-security/ |
| Description | Conference on Cyber Norms, MIT University |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | This group of global experts on cyber security policy met for the fifth time at MIT University to discuss progress and possible options for mitigating international cyber security concerns. I brought to the attention of the group the extent to which IoT security is thus far not being adequately addressed in these discussions. This draws on the preliminary findings of the project and represents an early effort to change this and bring IoT into the conversation. In an encouraging sign, several policy makers approached me after the presentation for information about the PETRAS hub research activities. Some of these will lead to collaboration. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Cybersecurity: "Preparing the Workforce" Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | This conference was hosted by Keio University & Sasakawa USA in Tokyo. There were over 400 policy makers, academics and industry practitioners in the audience. They were predominantly from Japan but there were also many from the region and from the US and EU. I presented on behalf of the PETRAS research hub, explaining both the research we are undertaking and also the structure of the hub. I received many questions and comments from the audience about the cyber security of the IoT. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.keio.ac.jp/en/news/2017/Mar/14/48-20040/index.html |
| Description | Emerging Security Challenges Working Group |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The Partnership for Peace Consortium (PfPC) of Defense Academies and Security Studies Institutes is a voluntary association of institutes of higher learning in defence and security affairs. It links over 800 defence academies and security institutes in 59 countries. The Consortium has nine study/working groups, including one on Emerging Security Challenges (ESC WG) which aims to enhance the capacity of decision makers and policy shapers to identify and respond to emerging security challenges. For this workshop, the ESC WG offered cyber security capacity building support to the government and military of Ukraine. I presented on SGP and critical infrastructure issues in the context of the IoT. Ukraine policy and military personnel responded by acknowledging that they were under-prepared and we planned for some continued contact through PETRAS. |
| Year(s) Of Engagement Activity | 2016 |
| Description | Existing and future norms on international ICT infrastructure and data integrity |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | This workshop was organized around the second meeting for the 2016/17 session of the United Nations Group of Governmental Experts who focus on 'Developments in the Field of Information and Telecommunications in the Context of International Security'. This is a First Committee group that brings together government representatives and their advisors to negotiate agreed norms of responsible state behavior in cyberspace. Dr Tikk chaired the workshop and Dr Carr presented preliminary findings on the role of data integrity in the IoT and how data streams themselves could come to be viewed as critical infrastructure or even 'critical international infrastructure'. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.un.org/disarmament/topics/informationsecurity/ |
| Description | INCS-COE Working Group on IoT Cyber Security |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | The International Cyber Security Centre of Excellence in Japan brings together policy, industry and academic colleagues from Japan, the UK and the US to develop international collaborations and outputs. |
| Year(s) Of Engagement Activity | 2018 |
| Description | International Studies Association (ISA) Conference Panel on Cyber Norms |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Other audiences |
| Results and Impact | ISA is the primary annual meeting place for International Relations scholars. I initiated and chaired a round table on cyber norms for responsible state behavior in cyberspace. My own contribution was to highlight the lack of engagement in academia with issues of IoT in the context of global cyber security concerns. This led to a request from a journal editor for an article based on the round table content. It also led to a request from the director of the Georgetown University International Conference on Cyber Engagement. For the first time, this conference, which is aimed at practioners, industry, academia and policy makers, will have a panel on IoT in 2017. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Interview on BBC Radio Wales about the Mirai IoT attack |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Public/other audiences |
| Results and Impact | Following the first major Internet of Things attack, I was asked to explain the security challenges of the IoT on BBC Radio Wales. As a consequence, I worked with a BBC producer to develop a proposal for a four-part documentary series on the IoT. This is currently under review. |
| Year(s) Of Engagement Activity | 2016 |
| Description | Live media appearance TRT World News Channel, Turkey |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Public/other audiences |
| Results and Impact | Live interview broadcast on Turkish television: Global aspects of cybersecurity |
| Year(s) Of Engagement Activity | 2019 |
| Description | Multi-stakeholder Advisory Group on Internet Governance (MAGIG) |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | In 2016, I was invited to join the Multi-stakeholder Advisory Group on Internet Governance (MAGIG). The group meets four or five times a year to discuss and, where appropriate, coordinate UK approaches to Internet discussions in forums such as ICANN, the ITU and the Internet Governance Forum, among others. In November 2016, the topic of discussion was the IoT and I was able to offer insights from the SGP stream based on preliminary findings and future research plans. As a consequence, several members requested follow up material and further meetings to discuss possible collaborations. |
| Year(s) Of Engagement Activity | 2016 |
| Description | PETRAS SGP - Day 0 Event - Break-Out Group, Agile Governance |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Delivered a Break-Out Session on "Agile Governance" following a presentation by the World Economic Forum as part of the "Governance and Policy Cooperation on the Cyber Security of IoT" Day 0 Event in London. The session involved a structured exercise in the course of which participants from various sectors and backgrounds had to think of ways to connect policymakers with technologists. |
| Year(s) Of Engagement Activity | 2018 |
| Description | PETRAS SGP - Engagement with Cyber Security Skills Unit of DCMS, 26 July 2017 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Policymakers/politicians |
| Results and Impact | SGP representatives Leonie Tanczer and Madeline Carr met with a member of the Cyber Security Skills Unit of DCMS to discuss potential collaboration and support for DCMS' future activities on IoT and cultures of security. |
| Year(s) Of Engagement Activity | 2017 |
| Description | PETRAS SGP - Panelist at PETRAS IoT Bi-Annual Conference, "Secure and Resilient Economy" Panel |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Presented SGP research on IoT standards. |
| Year(s) Of Engagement Activity | 2017 |
| Description | PETRAS SGP - Panelist at Royal Society Conference "Internet of Things: Opportunities and Threats" |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Presented SGP research on IoT security standards and challenges to current regulatory frameworks. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://royalsociety.org/~/media/events/2017/10/tof-iot/iot-conference%20report-final.pdf |
| Description | PETRAS SGP: "IoT Consent Workshop" with Pinsent Masons, 25 July 2017 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Professional Practitioners |
| Results and Impact | THE SGP Stream (Madeline Carr, Leonie Tanczer, Irina Brass) together with other PETRAS researchers (Carsten Maple) coordinated a workshop on consent with the international law firm and PETRAS user partner Pinsent Masons. The results of the workshop influenced the development of a White Paper that should result in a peer-reviewed academic publication. |
| Year(s) Of Engagement Activity | 2017 |
| Description | PETRAS SGP: Roundtable at the International Studies Association (ISA) Annual Convention 2017, Baltimore |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Dr Leonie Maria Tanczer was organiser and part of three roundtables at the International Studies Association. The conference has over 6500 attendees from all over the world and is the most respected and widely known scholarly association dedicated to international studies. Two of the three roundtables focused on security issues in relation to technology/IoT and included also presentations from renown scholars such as Professor Ron Deibert (CitizenLab) or Professor Didier Bigo (King's College London and at Sciences Po, Paris). |
| Year(s) Of Engagement Activity | 2017 |
| URL | http://www.isanet.org/Conferences/Baltimore-2017 |
| Description | PETRAS SGP: User Engagement Secure by Default (IoT) - Europe, Data, Digital and Security Directorate / Department of Culture, Media and Sport |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Meeting with Edward Venmore-Rowland, Secure by Default (IoT) Project Manager of the Europe, Data, Digital and Security Directorate within the Department of Culture, Media and Sport. Agreed to map the IoT legislative sphere in collaboration with the Directorate. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Panellist: Cyberwarfare and Artificial Intelligence |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Other audiences |
| Results and Impact | Panel: Cyberwarfare and Artificial Intelligence at Conference "A Shifting World Order: What to Expect in 2019" held in Beirut, Lebanon. Organised by The Carnegie Middle East Center |
| Year(s) Of Engagement Activity | 2018 |
| Description | Participated in expert round-table discussion |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | Invited participant on expert roundtable on Preventative Diplomacy and the Peaceful Resolution of Disputes in the Context of International Cyber Security. Discussion fed into a paper |
| Year(s) Of Engagement Activity | 2019 |
| Description | Preliminary meeting for International Cybsecurity Centre of Excellence (INCS-CoE) |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Other audiences |
| Results and Impact | Keio University has developed an International Cyber Security Center of Excellence (INCS-CoE) and wishes to develop formal links with academic institutions in the US and UK. This workshop was to discuss the terms of engagement between institutions and to finalize the charter of the INCS-CoE. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://www.keio.ac.jp/en/press-releases/2016/Nov/1/49-18700/ |
| Description | Research Alignment with the Department of Culture, Media and Sports |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The Standards, Governance and Policy Stream leads in the PETRAS project met with staff from the DCMS to discuss our mutual research agendas and to look for possible collaboration and alignment. We identified several avenues for further work together including surveying international activity on IoT SGP, possible secondment into the SGP stream, and a proposed joint workshop on further developing the 'secure by default' concept. |
| Year(s) Of Engagement Activity | 2017 |
| Description | Schedule for workshop 'Facing Human Interconnections 2020-2120' International Relations Journal Centennial Special Edition workshop |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | A workshop for a special issue of International Relations journal 'Facing Human Interconnections 2020-2120'. The workshop brought contributors together to present their draft article to other academics and students. I presented the co-authored paper with Madeline Carr on the Internet of Things, Cooperation and Cybersecurity. |
| Year(s) Of Engagement Activity | 2019 |
| Description | Smart Ports Summit, Hilton, Canary Wharf, London |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | A participant on the expert panel on governance and regulation of Smart Ports at the Smart Ports Summit in London on 20 February 2019 |
| Year(s) Of Engagement Activity | 2019 |
| Description | Smart Ports and Security: Emerging Governance Challenges in the UK Context STEaPP/UCL Research Roundtable, 8 March 2019 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Regional |
| Primary Audience | Professional Practitioners |
| Results and Impact | The Roundtable was co-designed to include participants from industry, lawyers, government and leading universities to ensure it addressed concrete questions about the increased use of digital technologies into ports operational systems. Using several scenarios, the Roundtable participants identified critical technical and governance challenges that the UK faces in incorporating digital technologies including the Internet of Things, Artificial Intelligence (AI) and Blockchain systems into existing operational systems. The outputs from the Roundtable will feed into ongoing research by the National and Internal Critical Infrastructure Protection project which will feed into ongoing governance policy developments taking place in the UK, especially after Brexit. |
| Year(s) Of Engagement Activity | 2019 |
| Description | Track 1.5 Dialogue on Cyber Security with China |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The UK Foreign Commonwealth Office and the International Institute for Strategic Studies coordinate a Track 1.5 (mix of academics and policy makers) dialogue on cyber security with China. This group meets twice a year to further dialogue on issues that are difficult to approach on a governmental level. In November of 2016, I presented on and led the discussion on the cyber security of the Internet of Things. This allowed us to express some of the UK views on the challenges of the IoT and also to gather views from the Chinese side on behalf of the UK government. As a consequence of putting IoT on the agenda, we were introduced to counterparts in China with whom we will continue to collaborate. |
| Year(s) Of Engagement Activity | 2016,2017 |
| Description | UK Delegation to the ITU Plenipot |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | I participated as a member of the UK delegation to this meeting providing support on IoT and cyber security. |
| Year(s) Of Engagement Activity | 2018 |
| Description | UN Internet Governance Forum Roundtable on the Whois Database and CERTs |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Together with APNIC, we designed and hosted a panel discussion at the 2018 UN Internet Governance Forum on the changes in access for CERTs to the Whois Database under the GDPR. We engaged with ICANN, FIRST, human rights NGOs and international lawyers. As a consequence of the discussion, ICANN agreed to look at differentiated access to Whois for CERTs. |
| Year(s) Of Engagement Activity | 2018 |
| URL | https://www.intgovforum.org/multilingual/content/igf-2018-day-3-salle-ix-ws50-who-is-collected-discl... |
| Description | US - Australia Track 1.5 Dialogue on Cyber Security |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Policymakers/politicians |
| Results and Impact | The Australian Prime Minister requested my attendance at the inaugural US-Australia Track 1.5 (policy makers, industry and academia) in Washington DC. The content of the meeting is closed but I was able to introduce the themes our research engages with and highlight the need for further focus on IoT in international cooperation on global cyber security. |
| Year(s) Of Engagement Activity | 2016 |
| Description | United Nations Internet Governance Forum |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Assessing Internet governance approaches and mechanisms and fostering inclusiveness: What are the main strengths and weaknesses of existing Internet governance approaches and mechanisms? What can be done, and by whom, to foster more inclusive Internet governance at the national, regional and international levels? Technical Internet governance: How can the technical governance of the Internet (e.g. the development of standards and protocols, and the management of critical resources) take into account the needs and views of all stakeholders? Additional Policy Questions Information: What are the governance challenges facing policymakers and incident responders to manage risks and build resilience when facing supply chain attacks in the IoT? |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.intgovforum.org/multilingual/content/igf-2021-ws-228-supply-chain-governance-and-securit... |
| Description | Workshop on Cyber Risk at the ACE-CSR Conference |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Jointly designed and delivered a workshop on emerging risks in the IoT with colleagues from Warwick University. Generated data for a report which will be circulated to all participants and which will feed into wider views about emerging risk. |
| Year(s) Of Engagement Activity | 2018 |