petras logo

PETRAS Sectors and Lenses

PETRAS projects are organised within a matrix of ‘sectors’ and ‘lenses’ that help to define research challenges in a real-world context.  

The Centre’s Lenses are research challenge domains: Securing the Edge; Useful, Usable Decentralisation; Law and Economics at the Edge; and Building Public Value at the Edge.  

The Sectors have specific application-focussed contexts in terms of technology, regulation, economics, interventions, and innovation: Ambient Environments; Supply Chains and Control Systems; Infrastructure; Health and Wellbeing; Agritech; and Transport and Mobility.  

Lenses and Sectors are units of synthesis of findings, points of contact for accessing the Centre’s programme and expertise, as well as special interest groups. 

Each project is associated with at least one challenge and applies its findings in at least one sector. 

Sectors

The world of IoT can be considered under sectors of application. This brings new technologies, standardisation and regulatory contexts to each sector.  

Ambient Environments (Built Environment / Homes / Cities / Public Spaces)

Cities, neighbourhoods, homes, and the environment in which we live are affected by the integration of IoT and ‘Edge’ technologies. This sector looks at how the IoT may affect our everyday experience of the world around us. It will study how our private spaces and privacy can be maintained in an environment where, increasingly, information is being captured and shared. Research in this application area will look at a cross section of settings, including retail, leisure, work and home. 

Examples: 

  • How do we measure the impact of ambient technologies on user perceptions of security and privacy? 
  • How can sensed data link to higher level decisions and perceptions? 
  • Can we determine the value of aggregated information considering provenance and quality for ambient sensors?
  • How do we contextualise and influence user behaviour in an urban environment? 
  • How can dynamically varying risk & trust in a smart home be conveyed in a meaningful way? 

Supply Chains and Control Systems (Industrial / Buildings / Utilities)

The focus of this sector is the use of IoT devices and networks within the supply chain and in control systems. From a supply chain perspective, the IoT solution may involve passive devices (e.g. RFID tags) attached to an object, or small low power devices to enable tracking and traceability within a factory. The control systems applications range across buildings (BMS) to industrial (ICS) or transport systems and potentially involve the use of IoT sensors to monitor performance, track objects or provide data. Research in this sector aims to explore security issues, of the controlled system, the device and the data it provides, and the application architecture. 

Examples: 

  • Understanding integrity: How do we map observed data flows and device activity to expected outcomes? 
  • Understanding assurance: How do we provide security and privacy assurances in critical infrastructure system applications 
  • Understanding interdependence/complexity: How might information be shared and used in at the Edge for risk mitigation?  
  • Understanding change: How does policy and regulation keep up with rapid technological change? 

Agritech 

The UK produces less than half of the food it consumes and relies on produce being readily available. It is important to ensure that food security is not impacted by cyber-attacks on the surrounding infrastructure, processes, sensors or Edge computing used in agriculture and farming. Previous focus has been on avoiding attacks on the administrative side of food production, rather than anticipating system disruption and failure as a result of attacks in sensor networks and Edge devices. This sector will look at exploring vulnerabilities in currently deployed Agritech.  

Examples: 

  • What types of vulnerabilities exist in currently deployed Agritech?  
  • What are realistic threat models?  
  • What are the dynamics of Agritech adoption?  
  • Can users reliably estimate risks & trade-offs? 
  • How do interdependencies between Food and Agriculture and other Critical National Infrastructure (CNI) sectors factor into cyber attacks?
  • Can the food and agriculture sector be treated similarly to other CNIs, considering its fragile nature? 

Health and Wellbeing (Critical care to leisure wearables)

This theme focuses on the challenges around IoT in the health care and wellbeing sectors. This may include diagnostic and monitoring sensors for identifying chronic diseases such as diabetes, also wellbeing enabling devices. Specific focus will be placed on the security of wireless technologies within wearable and implantable devices, addressing ethics, privacy, adoption and usage of medical information. 

Examples: 

  • Does storing sensitive data generated by devices at the Edge mitigate or increase vulnerabilities?  
  • How should wearable and implantable sensors operate in secure infrastructures?  
  • How do vulnerabilities in facilitating technologies, such as AI, WiFi, Bluetooth and potentially 5G, impact these systems?  
  • Can AI at the Edge help patients that currently have difficulties in using deployed technologies? 
  • What is the potential for helping designers make secure, user-friendly systems?  
  • What are the technical, ethical and legal challenges of these systems in employment contexts? 
  • Where should policy and regulation contribute? 

Infrastructure (Critical infrastructure and digital infrastructure)

Critical infrastructures include systems that are essential for the functioning of society and the economy.

Examples:

Digital Infrastructures

  • How does edge computing help us rethink responsibility in data sharing?
  • How to achieve trust; even when systems are working correctly, people can lose confidence in them?

Critical Infrastructures

  • Failing gracefully and bouncing back quickly: how can systems cope well with unanticipated shocks?
  • Are current security methods able to cope with adversarial attacks and AI-based inference, and if not, how might they be altered?

Transport and Mobility

There has been a great push for smarter, connected transport and mobility. IoT can enhance typical single mode transport systems to create new reactive models for multi-mode transport. However new systems and models face significant challenges if they are to be of maximum benefit. They need to manage mobile identity while protecting privacy, and to be flexible but resilient, secure and safe. This includes all aspects cyber, physical and their interfaces. 

Examples: 

  • What are the security and privacy requirements emerging from the interplay between humans, vehicles and infrastructure?  
  • Can we develop trustworthy and resilient AI systems for Connected and Autonomous Vehicular systems? 
  • Can we understand the emerging motivations and future crime scenarios in transport and mobility?  
  • Can we understand interdependencies and impact in complex dynamical systems? 

Lenses

The Lens programme provides a cross-cutting set of research headings that pull together common and generic themes that apply across one or more sectors. Such generic learning has the potential to assist government and the private sector in the creation of policies and best practices. 

Securing the Connected Edge 

This Lens looks at challenges stemming from the cyber-physical and socio-technical nature of systems at the Edge.  The role of AI at the Edge may be fundamental in securing systems. Use of IoT increases attack surfaces, requiring systems to detect, diagnose and react to potential attacks. Edge AI can enable systems to react to perceived threats as well as to make decisions on interventions using trade-offs (e.g. between safety and security). This Lens involves research on characterising vulnerabilities at the Edge, improving resilience, and understanding trade-offs.  

Examples: 

  • How can systems adapt to continue to operate safely and securely when they have been compromised?  
  • How do they recover and become more robust?  
  • How can AI help defend, adapt and recover systems in response to adverse events?  
  • How can we assure systems that continuously adapt and employ AI techniques, and how can we understand and mitigate the vulnerabilities of such techniques? 
  • How do users and autonomous systems interact with each other to ensure system resilience?  
  • How do we maintain security and resilience with legacy devices?  
  • What are the social and technical routines needed to stress-test systems for complex attacks? 

Public Value at the Edge

Connected IoT devices provide many avenues for public good, including increased understanding of the world to support policy interventions; new innovative goods and services; and information to help safeguard individuals.  

Many of these benefits will come from the combination of IoT with AI. New challenges are expected in processing the data at the Edge in ways that preserve privacy, security and trust yet yield the same benefits.

Examples:  

  • How can we secure decentralised computing or ‘AI’ applications in realistic IoT deployments?  
  • Do users trust these systems and approaches, and in which contexts?  
  • How can we defend against new threats such as poisoning of sensor data or exploiting the vulnerabilities of AI?  
  • How do privacy and securitypreserving approaches affect other tasks such as anomaly detection, or repurposing data for entirely novel applications?  
  • How can important information such as measurement quality or data provenance, be obtained and combined with data from sensors themselves?  
  • How do and might approaches to building public value using these new technologies coexist with existing and emerging legal frameworks? 

Useful and Useable Decentralisation 

There is a gap between autonomy on paper that decentralised systems promise to Edge-users, and the control that Edge users feel capable and able to exert, particularly given the number of decisions they are expected to make in this data-saturated world. Research in psychology and human-computer interaction is needed to identify how decentralised systems can be useful and useable in practice, rather than only in theory. This in turn is likely to trigger new questions for security researchers, for example in areas such as identification and interoperability.  

Examples: 

  • What can and should the users’ roles in securing systems be, and how do technical aspects of IoT security interact with these human factors?  
  • How can users work together to achieve their goals in a decentralised system? 
  • What methods of collaboration, both online and offline, can help individuals achieve their varied goals in their home environments, workplaces, and urban surroundings? 

Law and Economics at the Edge

Business and governance models for IoT systems, particularly those undertaking decentralised analytics, are still emerging. 

Examples: 

  • What are the main considerations in areas such as measurement, transactions and demand management in these systems?  
  • What new marketplaces, financing mechanisms and business models might create value generation?  
  • Emerging business models and IoT systems with analytic components are likely to touch upon a wide array of legal and governance provisions, such as data protection law, competition law, liability and platform regulation. How will these regimes cope with such systems? What are the major tensions they highlight or changes they would require to succeed 
  • What does, should, and could standardisation of these systems look like in national and international policy fora?