Security and Privacy of Things: Regulatory Challenges and Gaps for the Secure Integration of Cyber-Physical Systems

  • Geraldine Lee
  • Gregory Epiphaniou (email author)
  • Haider Al-Khateeb
  • Carsten Maple
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 797)


The rise of interconnected “intelligent” objects that move their capabilities from sensing and data processing to decision making will be a disruptive phenomenon that further widens the gaps between legal, regulatory and technological approaches. This research sets out to establish a guided road map through the maze of regulation by incorporating the fragmented governance efforts into a single focus where security and privacy gaps unique to machine-to-machine (M2M) communication are identified against key performance metrics. We use privacy, ethics, trust, legality, data sharing, operational integration, and device and communication protocols as our key performance metrics to highlight areas of significant overlap and gaps in a comprehensive list of standards, to assist policymakers and researchers in the field. Results also indicate that policy concerns and diffused responses from existing standards raise unacceptable risks for the cyber and physical spheres in the IoT, preventing their integration with existing hierarchical security architectures and reducing the opportunities for mass-market economies of scale.


Keywords: Internet of Things; Machine-to-machine; Cyber-physical systems; Governance


Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Geraldine Lee (1)
  • Gregory Epiphaniou (2)
  • Haider Al-Khateeb (2)
  • Carsten Maple (3)

  1. QA Ltd, Slough, UK
  2. Wolverhampton Cyber Research Institute (WCRI), School of Mathematics and Computer Science, University of Wolverhampton, Wolverhampton, UK
  3. WMG Group, University of Warwick, Coventry, UK
