Assessing Information Security Regulations for Domestic and Industrial Cyber-Physical Systems
TILTing Perspectives 2017: Regulating a Connected World, Tilburg, Netherlands, 17-19 May 2017
8 Pages. Posted: 22 May 2017. Last revised: 1 Jun 2018
Date Written: May 22, 2017
Security incidents like targeted distributed denial of service (DDoS) attacks on power grids and industrial control system (ICS) hacks in factories are on the increase. This short paper unpacks where emerging security threats lie for the industrial internet of things, considering both engineering and regulatory perspectives. We frame our analysis with the example of the smart energy supply chain, from exploration to consumption, examining the emerging threat landscape for industrial IoT, particularly where new vulnerabilities may arise.
Changes deriving from the EU Network and Information Security (NIS) Directive 2016, the GDPR and UK/EU Cyber Security Strategies are key considerations. We argue that industrial IoT brings four security elements to the fore, namely: the shift from offline to online, temporal dimensions of security, the implementation gap for best practice, and challenges of managing infrastructural complexity.
Keywords: industrial internet of things; cybersecurity; network and information security directive 2016; general data protection regulation 2016