Design and Justification of a Cybersecurity Assessment Framework for IoT-Based Environments

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13723)

Abstract

Today, our world is more connected than ever. One of the main drivers of this connection is the rise of the Internet of Things (IoT). This rise brings numerous challenges, one of the main ones being to keep environments that include IoT devices secure. IoT devices are different from traditional computer devices and therefore need special treatment and guidance to be kept secure. This research identifies the limitations of current assessment frameworks in covering IoT-specific challenges and discusses the possible methods for assessing these challenges. In addition, it lists the potential solutions for securing these environments and then identifies the processes and guidelines that can be implemented. These findings are generalized into an overall applicable cybersecurity assessment framework for IoT-based environments. These steps are validated by existing research, existing cybersecurity frameworks, and interviews with cybersecurity experts. Together, these sources provide valid ground to guide IoT-based environments to improve security with the assistance of an assessment framework. This IoT assessment framework is the first of its kind and therefore valuable for all IoT-based environments. However, it still needs to improve to reach its full potential.

Acknowledgements

The author acknowledges the generous support from the research internship agency PwC. In addition, the guidance offered by Nele Mentens and Stefan Pickl has made this research a success.

Corresponding author

Correspondence to Luit Verschuur.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Verschuur, L. (2023). Design and Justification of a Cybersecurity Assessment Framework for IoT-Based Environments. In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_4

  • DOI: https://doi.org/10.1007/978-3-031-35190-7_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35189-1

  • Online ISBN: 978-3-031-35190-7

  • eBook Packages: Computer Science, Computer Science (R0)
