NESSI Partners University of Southampton, SINTEF, MTU and NOKIA have jointly authored a paper in the EC-funded TELEMETRY project (https://telemetry-project.eu). TELEMETRY originated in NESSI’s Structured Call Process, which facilitates development of collaborative proposals amongst NESSI members.
The paper describes cybersecurity testing challenges in IoT ecosystems and proposes an approach to address them.
The key observations regarding the design of the proposed framework are summarised as follows:
- There is a need to consider the full lifecycle of IoT components – at their design time, their integration into systems, and operation of those systems.
- Threats and risks can propagate when components are connected together in systems – vulnerabilities in one component can affect other components in a system.
- IoT devices present limitations to current testing and management due to geographical distribution, opacity and limited processing power.
- Risk assessment fulfils an important requirement because it enables assessment of what elements are important to the system’s stakeholders, how these elements may be compromised, and how the compromises may be controlled.
- Feedback from operational monitoring of IoT devices can inform firmware updates / patches to the devices but there is a significant challenge in rolling out these patches to multiple low-power devices geographically distributed.
The paper’s full citation is:
Taylor, S., Jaatun, M., Mc Gibney, A., Seidl, R., Hrynchenko, P., Prosvirin, D. and Mancilla, R. (2024). ‘A Framework Addressing Challenges in Cybersecurity Testing of IoT Ecosystems and Components’ in Proceedings of the 9th International Conference on Internet of Things, Big Data and Security, ISBN 978-989-758-699-6, ISSN 2184-4976, pages 226-234. Available at: https://sintef.brage.unit.no/sintef-xmlui/handle/11250/3129361 and https://dx.doi.org/10.5220/0012676300003705