Our digital society, including its digital industry, is becoming increasingly dependent on information and communication technologies and this is amplified by the introduction and uncontrolled proliferation of Internet-of-Things technologies that do not only make our lives easier, but also introduce massive new cyber security threats.
INTERSCT. is a virtual research institute that brings together research on Cyber-Security for the Internet-of-Things (IoT) launched by the INTERSECT project, the largest cybersecurity project ever granted by the Dutch national research council NWO.
..and the rise of the Internet of Things increases vulnerability to cyber attacks. All this and more means that cyber security has never been more important.
The digitization of our society and our economy has led to a dependency on information and communication technologies and thus to serious risks related to our cyber security. Until recently risks were, in general, restricted to information security, network security and application security ensuring the confidentiality, the availability and the integrity of data, but with the Internet-of-Things (IoT) we are seamlessly connecting the cyber and the physical worlds extending the risk area to safety requiring a broader perspective on security.
IoT is turning out to be one of the weakest spots in our infrastructure. With billions and in the near future potentially trillions of devices, the security risks are growing at great rates. Our economic and societal forces are creating a perfect storm, a pervasive infrastructure of trillions of IoT devices which on one hand will oversee our lives and economy, and on the other hand will be completely unmanageable from a security perspective. To compound the risk, IoT systems are often devised and engineered in places where we have no control on, and unless we want to basically surrender our digital sovereignty by only relying on foreign solutions for our national cyber security, we need to find a way to secure them regardless of provenance and built-in malicious intents.
We are at a watershed moment in history and unless we take action immediately, we run the risk of being overcome by technology that will fundamentally and irreversibly undermine our cyber security and our safety. It is not just a matter of achieving an acceleration of technological innovations, it is actually a matter of achieving a transformative change in society.
Nevertheless, at the same time, digitalization also involves some threats which need to be mitigated: the more digital manufacturing companies become, the more vulnerable they are in terms of cyber-security.
The R&D and (technological) innovation program on Cyber Security of Internet-of-Things is supported by more than 40 partners from academia. industry, government and civil society.
…, the Internet of Things (IoT) is not in itself a new technological development … However, because of the great flight it is expected to take in the coming years, it forces us to rethink how to deal with its vulnerabilities.
To secure something we cannot manage, we need to re-think the security paradigm, delegating part of the security management to the system that needs to autonomously adapt to the changing environment, while remaining under our supervision, and re-think accordingly all our security technologies. We need to be able to design, develop, manufacture and deploy IoT systems-of-systems in a fundamentally different way enabling the overall system to become robust, resilient and trustworthy, even in the presence of individual IoT devices that are insecure or even compromised in a ε-trust environment and providing the right ecosystem for their wide adoption within industry.
We actually need to be able to design, develop, manufacture and deploy new types of IoT devices with security-by-design, security-by-default, robustness and resilience in mind; while continuously preserving all safety requirements, these devices must pro-actively manage their security, actively respond to attacks, recover from attacks, resume and restore themselves to a predefined level of operation following an attack etc., that is provide an appropriate product-level service continuity.
When building these properties into the devices themselves is not possible (e.g. because we have no control over their engineering), we must have capabilities (e.g. regulations, technologies) ready to find, isolate, and neutralize potential threats. We see it as our mission to produce a paradigm shift in the engineering of Secure IoT systems, by introducing autonomously adaptive security as a new evidence-driven paradigm for system design, development, and maintenance. We will develop a new system life cycle model and relevant enabling systems that allows us to effectively and efficiently design, develop and manufacture such devices (robust and resilient and trustworthy in a ε-trust environment). We will provide industry with the incentives and instruments to adopt these new methods and manufacture IoT systems accordingly, so that governments and citizens can adopt them, thereby enabling the birth and the growth of an Internet of Secure Things. This will eventually have a profound societal impact.
It is imperative that leaders strategically manage information risks, work towards a culture of shared cyber-risk ownership across organizations and take a strategic approach to cyber resilience. Effective cyber resilience requires a combined and aligned multi-disciplinary effort to move beyond compliance to cohesive business and digital enablement.