Impact Assessment Model for the IoT (IAM)

The research project was undertaken between January 2018 and June 2018 at the Oxford e-Research Centre, University of Oxford. The research project combined desk-based research, literature review, case study research, grounded theory and mathematical approximations.

The aim of this research project was to build upon existing approaches for assessing the economic impact of cyber risk and to emerge with a new model, specific for assessing the economic impact of Internet of Things (IoT) cyber risk. The research project initiated with identifying the IoT cyber risk vectors and developing the architecture and the design principles for assessing the impact from these specific risk vectors. In the process, two distinct approaches are investigated, quantitative and qualitative IoT risk impact assessment.

The project produced a new impact assessment model for calculating the impact of IoT cyber risk, referred to as IoT MicroMort. This IoT MicroMort model presents new risk metrics and identifies some specific grand challenges for calculating the economic impact of IoT cyber risk. Secondly, the research project defined new design principles for mapping interactions among different IoT risk factors.

Milestones achieved:

The findings from the IAM project are publicly available and can be found in the output section below. Specific milestones of the IAM project are as follows:

• Method for designing and calculating the IoT MicroMort
• Defined the design principles for building the IoT in Industry 4.0 risk assessment though the integration of cyber security frameworks, models and approaches
• Mapping the values of IoT
• Assessment of the security risks in IoT systems

Output:

Radanliev, P., De Roure, D. C., Nicolescu, R., Huth, M., Montalvo, R. M., Cannady, S., & Burnap, P. (2018). Future developments in cyber risk assessment for the internet of things. Computers in Industry, 102, 14–22. http://doi.org/10.1016/J.COMPIND.2018.08.002

Radanliev, P., De Roure, C.., Cannady, S., Montalvo, R.M., Nicolescu, R., Huth, M., 2018. Economic impact of IoT cyber risk – analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance, in: Living in the Internet of Things: Cybersecurity of the IoT – 2018. Institution of Engineering and Technology, London. https://doi.org/10.1049/cp.2018.0003

Radanliev, P., De Roure, C.D., Nurse, .R.C., Nicolescu, R., Huth, M., Cannady, C., Montalvo, R.M., Cannady, S., 2018. Integration of Cyber Security Frameworks, Models and Approaches for Building Design Principles for the Internet-of-things in Industry 4.0, in: Living in the Internet of Things: Cybersecurity of the IoT – 2018. IET, London. https://doi.org/10.1049/cp.2018.0041

Nicolescu, R., Huth, M., Radanliev, P., De Roure, D., & Nicolescu, R. (2018). Mapping the values of IoT. Journal of Information Technology, 1–16. http://doi.org/10.1057/s41265-018-0054-1

Nurse, J.R.C, Radanliev, P., Creese, S., De Roure, C.D., 2018. If you can’t understand it, you can’t properly assess it! The reality of assessing security risks in Internet of Things systems, in: Living in the Internet of Things: Cybersecurity of the IoT – 2018. Institution of Engineering and Technology. https://doi.org/10.1049/cp.2018.0001

Nurse, J., Creese, S., & De Roure, D. (2017). Security Risk Assessment in Internet of Things Systems. IT Professional, 19(5), 20–26. http://doi.org/10.1109/MITP.2017.3680959

Project engagement:  

The IAM project conducted two case studies and one focus group:

• Case Study with Cisco Systems on the Economic Impact of IoT Cyber Risk
• Case Study with Cardiff University on the Goal-Oriented Approach research applied on Airbus
• Focus Group with Cisco Systems and Coelition