Radanliev, Petar and De Roure, Dave and Cannady, Stacy and Mantilla Montalvo, Rafael and Nicolescu, Razvan and Huth, Michael (2019): Analysing IoT cyber risk for estimating IoT cyber insurance.
Abstract
This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world-leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economic impact assessment models for I4.0.
Item Type: | MPRA Paper |
---|---|
Original Title: | Analysing IoT cyber risk for estimating IoT cyber insurance |
English Title: | Analysing IoT cyber risk for estimating IoT cyber insurance |
Language: | English |
Keywords: | IoT Cyber Risk, IoT risk analysis, IoT cyber insurance, IoT MicroMort, Cyber Value-at-Risk |
Subjects: | L - Industrial Organization > L0 - General L - Industrial Organization > L5 - Regulation and Industrial Policy L - Industrial Organization > L5 - Regulation and Industrial Policy > L50 - General L - Industrial Organization > L5 - Regulation and Industrial Policy > L52 - Industrial Policy ; Sectoral Planning Methods L - Industrial Organization > L5 - Regulation and Industrial Policy > L53 - Enterprise Policy O - Economic Development, Innovation, Technological Change, and Growth > O2 - Development Planning and Policy O - Economic Development, Innovation, Technological Change, and Growth > O2 - Development Planning and Policy > O20 - General O - Economic Development, Innovation, Technological Change, and Growth > O3 - Innovation ; Research and Development ; Technological Change ; Intellectual Property Rights O - Economic Development, Innovation, Technological Change, and Growth > O3 - Innovation ; Research and Development ; Technological Change ; Intellectual Property Rights > O30 - General |
Item ID: | 92566 |
Depositing User: | Dr Petar Radanliev |
Date Deposited: | 11 Mar 2019 11:18 |
Last Modified: | 27 Sep 2019 10:01 |
URI: | https://mpra.ub.uni-muenchen.de/id/eprint/92566 |