{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T19:48:54Z","timestamp":1774381734103,"version":"3.50.1"},"reference-count":58,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2021,7,22]],"date-time":"2021-07-22T00:00:00Z","timestamp":1626912000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,7,22]],"date-time":"2021-07-22T00:00:00Z","timestamp":1626912000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","award":["EP\/S035362\/1"],"award-info":[{"award-number":["EP\/S035362\/1"]}],"id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100004351","name":"Cisco Systems","doi-asserted-by":"crossref","award":["CG1525381"],"award-info":[{"award-number":["CG1525381"]}],"id":[{"id":"10.13039\/100004351","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Rev Socionetwork Strat"],"published-print":{"date-parts":[[2021,11]]},"abstract":"Abstract<\/jats:title>The Internet-of-Things (IoT) triggers data protection questions and new types of cyber risks. Cyber risk regulations for the IoT, however, are still in their infancy. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. At present, there are no self-assessment methods for quantifying IoT cyber risk posture. It is considered that IoT represent a complex system with too many uncontrollable risk states for quantitative risk assessment. To enable quantitative risk assessment of uncontrollable risk states in complex and coupled IoT systems, a new epistemological equation is designed and tested though comparative and empirical analysis. The comparative analysis is conducted on national digital strategies, followed by an empirical analysis of cyber risk assessment approaches. The results from the analysis present the current and a target state for IoT systems, followed by a transformation roadmap, describing how IoT systems can achieve the target state with a new epistemological analysis model. The new epistemological analysis approach enables the assessment of uncontrollable risk states in complex IoT systems\u2014which begin to resemble artificial intelligence\u2014and can be used for a quantitative self-assessment of IoT cyber risk posture.<\/jats:p>","DOI":"10.1007\/s12626-021-00086-5","type":"journal-article","created":{"date-parts":[[2021,7,22]],"date-time":"2021-07-22T19:17:16Z","timestamp":1626981436000},"page":"381-411","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":32,"title":["Epistemological Equation for Analysing Uncontrollable States in Complex Systems: Quantifying Cyber Risks from the Internet of Things"],"prefix":"10.1007","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5629-6857","authenticated-orcid":false,"given":"Petar","family":"Radanliev","sequence":"first","affiliation":[]},{"given":"David","family":"De Roure","sequence":"additional","affiliation":[]},{"given":"Pete","family":"Burnap","sequence":"additional","affiliation":[]},{"given":"Omar","family":"Santos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,22]]},"reference":[{"key":"86_CR1","volume-title":"Cybernetic epistemology","author":"W Woodsmall","year":"1989","unstructured":"Woodsmall, W. (1989). Cybernetic epistemology. Next Step Press."},{"key":"86_CR2","unstructured":"Abu-Shaqra, B. (2020). Technoethics and Sensemaking: Risk Assessment and Knowledge Management of Ethical Hacking in a Sociotechnical Society. PhD diss., University of Ottawa."},{"issue":"2","key":"86_CR3","doi-asserted-by":"publisher","first-page":"73","DOI":"10.17645\/pag.v6i2.1338","volume":"6","author":"C Whyte","year":"2018","unstructured":"Whyte, C. (2018). Crossing the digital divide: monism, dualism and the reason collective action is critical for cyber theory production. Politics and Governance, 6(2), 73\u201382.","journal-title":"Politics and Governance"},{"issue":"1","key":"86_CR4","doi-asserted-by":"publisher","first-page":"205395171882381","DOI":"10.1177\/2053951718823815","volume":"6","author":"L Resnyansky","year":"2019","unstructured":"Resnyansky, L. (2019). Conceptual frameworks for social and cultural Big Data analytics: Answering the epistemological challenge. Big Data & Society, 6(1), 2053951718823815.","journal-title":"Big Data & Society"},{"issue":"3","key":"86_CR5","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1080\/02684527.2020.1836828","volume":"36","author":"O Ormerod","year":"2021","unstructured":"Ormerod, O. (2021). Michael Polanyi and the epistemology of intelligence analysis. Intelligence and National Security, 36(3), 377\u2013391.","journal-title":"Intelligence and National Security"},{"issue":"5","key":"86_CR6","doi-asserted-by":"publisher","first-page":"659","DOI":"10.1177\/1461444809105345","volume":"11","author":"J Daniels","year":"2009","unstructured":"Daniels, J. (2009). Cloaked websites: propaganda, cyber-racism and epistemology in the digital era. New Media & Society, 11(5), 659\u2013683.","journal-title":"New Media & Society"},{"issue":"3","key":"86_CR7","first-page":"43","volume":"5","author":"PEC Martin","year":"2016","unstructured":"Martin, P. E. C. (2016). Cyber warfare schools of thought: bridging the epistemological\/ontological divide, part 1. Royal Canadian Air Force Journal, 5(3), 43\u201369.","journal-title":"Royal Canadian Air Force Journal"},{"issue":"2","key":"86_CR8","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1080\/23742917.2020.1843822","volume":"5","author":"UPA Ani","year":"2021","unstructured":"Ani, U. P. D., Watson, J. M., Green, B., Craggs, B., & Nurse, J. R. (2021). Design considerations for building credible security testbeds: Perspectives from industrial control system use cases. Journal of Cyber Security Technology, 5(2), 71\u2013119.","journal-title":"Journal of Cyber Security Technology"},{"key":"86_CR9","doi-asserted-by":"publisher","first-page":"102036","DOI":"10.1016\/j.cose.2020.102036","volume":"99","author":"R Knight","year":"2020","unstructured":"Knight, R., & Nurse, J. R. C. (2020). A framework for effective corporate communication after cyber security incidents. Computers & Security, 99, 102036.","journal-title":"Computers & Security"},{"key":"86_CR10","first-page":"1","volume":"58","author":"E Anthi","year":"2020","unstructured":"Anthi, E., Williams, L., Rhode, M., Burnap, P., & Wedgbury, A. (2020). Adversarial attacks on machine learning cybersecurity defences in industrial control systems. Journal of Information Security and Applications, 58, 1\u20139.","journal-title":"Journal of Information Security and Applications"},{"issue":"1","key":"86_CR11","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1080\/13523260.2019.1669336","volume":"41","author":"LM Tanczer","year":"2020","unstructured":"Tanczer, L. M. (2020). 50 shades of hacking: How IT and cybersecurity industry actors perceive good, bad, and former hackers. Contemporary Security Policy, 41(1), 108\u2013128.","journal-title":"Contemporary Security Policy"},{"issue":"4","key":"86_CR12","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1057\/s41265-018-0054-1","volume":"33","author":"R Nicolescu","year":"2018","unstructured":"Nicolescu, R., Huth, M., Radanliev, P., & De Roure, D. (2018). Mapping the values of IoT. Journal of Information Technology, 33(4), 345\u2013360.","journal-title":"Journal of Information Technology"},{"key":"86_CR13","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.compind.2018.08.002","volume":"102","author":"P Radanliev","year":"2018","unstructured":"Radanliev, P., De Roure, D., Nicolescu, R., Huth, M., Montalvo, R. M., Cannady, S., & Burnap, P. (2018). Future developments in cyber risk assessment for the internet of things. Computers in Industry, 102, 14\u201322.","journal-title":"Computers in Industry"},{"key":"86_CR14","unstructured":"Wynn, J., Whitmore, G., Upton, L., Spriggs, D., McKinnon, R., McInnes, R., Graubart, L., & Clausen, J. (2011). Threat assessment & remediation analysis (TARA) methodology description version 1.0. Bedford, MA."},{"key":"86_CR15","doi-asserted-by":"crossref","unstructured":"Caralli, R. A., Stevens, J. F., Young, L. R., & Wilson, W. R. (2007). Introducing OCTAVE allegro: improving the information security risk assessment process. Hansom AFB, MA.","DOI":"10.21236\/ADA470450"},{"key":"86_CR16","unstructured":"FAIR. (2017). Quantitative information risk management | The FAIR Institute. Factor Analysis of Information Risk. [Online]. http:\/\/www.fairinstitute.org\/. Accessed 26 Dec 2017."},{"key":"86_CR17","unstructured":"CVSS. (2019). Common vulnerability scoring system SIG. FIRST.org. [Online]. https:\/\/www.first.org\/cvss\/. Accessed 26 Dec 2017."},{"issue":"11","key":"86_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s42452-020-03559-4","volume":"2","author":"P Radanliev","year":"2020","unstructured":"Radanliev, P., De Roure, D., Walton, R., Van Kleek, M., Montalvo, R. M., Maddox, L. T., Santos, O., et al. (2020). Artificial intelligence and machine learning in dynamic cyber risk analytics at the edge. SN Applied Sciences, 2(11), 1\u20138.","journal-title":"SN Applied Sciences"},{"key":"86_CR19","unstructured":"NIST. (2018). NIST version 1.1. National Institute of Standards and Technology, U.S. Department of Commerce. https:\/\/www.nist.gov\/news-events\/news\/2018\/04\/nist-releases-version-11-its-popular-cybersecurity-framework. Accessed 14 July 2021."},{"key":"86_CR20","unstructured":"Barrett, M., Marron, J., Yan Pillitteri, V., Boyens, J., Witte, G., & Feldman, L. (2017). Draft NISTIR 8170, the cybersecurity framework: implementation guidance for federal agencies. Maryland."},{"key":"86_CR21","unstructured":"FIRST. (2017). CVSS v3.0 specification document. [Online]. https:\/\/www.first.org\/cvss\/specification-document#8-4-Metrics-Levels. Accessed 03 Oct 2017."},{"key":"86_CR22","doi-asserted-by":"crossref","unstructured":"Johnson, C., Badger, L., Waltermire, D., Snyder, J., & Skorupka, C. (2016). Guide to cyber threat information sharing. NIST special publication, 800(150).","DOI":"10.6028\/NIST.SP.800-150"},{"key":"86_CR23","volume-title":"Journal of Physics: Conference Series","author":"Y Wu","year":"2019","unstructured":"Wu, Y., Xiang, D., Gao, J., and Wu, Y. (2019). Research on investigation and evidence collection of cybercrime cases. In Journal of Physics: Conference Series (Vol. 1176, No. 4, p. 042064). IOP Publishing."},{"key":"86_CR24","unstructured":"Steup, M. (2005). Epistemology: Stanford encyclopedia of philosophy. Stanford University. Center for the Study of Language and Information (U.S.)."},{"key":"86_CR25","doi-asserted-by":"publisher","DOI":"10.1093\/0199253722.001.0001","volume-title":"Evidentialism","author":"E Conee","year":"2004","unstructured":"Conee, E., & Feldman, R. (2004). Evidentialism. Oxford University Press."},{"key":"86_CR26","unstructured":"Mittag, M. D. (2011). The internet encyclopedia of philosophy. ISSN 2161. University of Rochester: Internet Encyclopedia of Philosophy Pub."},{"key":"86_CR27","doi-asserted-by":"crossref","unstructured":"Goldman, A., & Olsson, E. J. (2009). Reliabilism and the value of knowledge. Epistemic value, pp. 19\u201341.","DOI":"10.1093\/acprof:oso\/9780199231188.003.0002"},{"key":"86_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1023\/A:1004243308503","volume":"89","author":"E Conee","year":"1998","unstructured":"Conee, E., & Feldman, R. (1998). The generality problem for reliabilism. Philosophical Studies: An International Journal for Philosophy in the Analytic Tradition , 89, 1\u201329.","journal-title":"Philosophical Studies: An International Journal for Philosophy in the Analytic Tradition"},{"issue":"3","key":"86_CR29","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1023\/A:1020656411534","volume":"110","author":"J Comesa\u00f1a","year":"2002","unstructured":"Comesa\u00f1a, J. (2002). The diagonal and the demon. Philosophical Studies, 110(3), 249\u2013266.","journal-title":"Philosophical Studies"},{"key":"86_CR30","doi-asserted-by":"crossref","unstructured":"Radanliev, P., De Roure, D., Nicolescu, R., Huth, M., & Santos, O. (2021). Artificial intelligence and the internet of things in industry 4.0. CCF Transactions on Pervasive Computing and Interaction, pp. 1\u201310.","DOI":"10.1007\/s42486-021-00057-3"},{"key":"86_CR31","unstructured":"ASI. (2016). Agency for strategic initiatives. National Technology initiative, Agency for Strategic Initiatives. Government of Russia. [Online]. https:\/\/asi.ru\/eng\/nti\/. Accessed 10 May 2017."},{"key":"86_CR32","unstructured":"G20. (2016). G20 new industrial revolution action plan."},{"key":"86_CR33","unstructured":"The State Council People Republic of China. (2017). Made in China 2025; The State Council People Republic of China. [Online]. http:\/\/english.gov.cn\/2016special\/madeinchina2025\/. Accessed 10 May 2020."},{"key":"86_CR34","unstructured":"Ministry of Education Universities and Research. (2014). Italian Technology Cluster: Intelligent Factories; Ministry of Education Universities and Research. Cluster Tecnologico Nazionale Fabbrica Intelligente | Imprese, universit\u00e0, organismi di ricerca, associazioni e enti territoriali: insieme per la crescita del Manifatturiero. [Online]. http:\/\/www.fabbricaintelligente.it\/en\/. Accessed 09 May 2020."},{"key":"86_CR35","unstructured":"Ministry of Economy Industry and Competitiveness Accessibility. (2015). Industria Conectada 4.0: La transformaci\u00f3n digital de la industria espa\u00f1ola Dossier de prensa; Ministry of Economy Industry and Competitiveness Accessibility. Madrid."},{"key":"86_CR36","unstructured":"Sirris & Agoria. (2017). Made different: factory of the future 4.0. [Online]. http:\/\/www.madedifferent.be\/en\/what-factory-future-40. Accessed 09 May 2017."},{"key":"86_CR37","unstructured":"Bouws, T., Kramer, F., Heemskerk, P., Van Os, M., Van Der Horst, T., Helmer, S., Huveneers, S., et al. (2015). Smart industry: Dutch industry fit for the future. Delft."},{"key":"86_CR38","unstructured":"New Industrial France. (2016). New industrial France: building France\u2019s industrial future - updated text from the 2013 version. Paris."},{"key":"86_CR39","unstructured":"Industrial Value Chain Initiative Japan. (2017). Industrial value chain reference architecture; industrial value chain initiative. Hannover, Germany."},{"key":"86_CR40","unstructured":"Ministry of Economy Trade and Industry of Japan. (2015). NRS, new robot strategy - vision strategy and action plan. Ministry of Economy Trade and Industry of Japan."},{"key":"86_CR41","unstructured":"Ministry of Economy, Trade and Industry of Japan. (2015). RRI, robot revolution initiative - summary of Japan\u2019s robot strategy - it\u2019s vision, strategy and action plan. Ministry of Economy, Trade and Industry of Japan."},{"key":"86_CR42","unstructured":"John, P. (2017). High value manufacturing catapult. Solihull."},{"key":"86_CR43","unstructured":"Department for Digital Culture Media Sport. (2017). UK digital strategy 2017 - GOV.UK; Department for Culture, Media and Sport. [Online]. https:\/\/www.gov.uk\/government\/publications\/uk-digital-strategy\/uk-digital-strategy. Accessed 24 May 2017."},{"key":"86_CR44","unstructured":"Siemens. (2017). Made Smarter review 2017."},{"key":"86_CR45","unstructured":"Germany Trade Invest. (2014). Industrie 4.0 smart manufacturing for the future. Berlin."},{"key":"86_CR46","unstructured":"NIST Advanced Manufacturing Office. (2013). Advanced manufacturing partnership."},{"key":"86_CR47","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1016\/j.techfore.2017.11.006","volume":"132","author":"J Kim","year":"2018","unstructured":"Kim, J. (2018). Are countries ready for the new meso revolution? Testing the waters for new industrial change in Korea. Technological Forecasting and Social Change, 132, 34\u201339.","journal-title":"Technological Forecasting and Social Change"},{"key":"86_CR48","unstructured":"Shaw, R., Takanti, V., Zullo, T., Director, M. & Llc, E. (2017). Best practices in cyber supply chain risk management Boeing and Exostar Cybersecurity supply chain risk management interviews. NIST."},{"key":"86_CR49","unstructured":"CMMI. (2017). What is capability maturity model integration (CMMI)\u00ae? | CMMI Institute. CMMI Institute. [Online]. http:\/\/cmmiinstitute.com\/capability-maturity-model-integration. Accessed 26 Dec 2017."},{"key":"86_CR50","unstructured":"U.S. Department of Energy. (2014). Cybersecurity capability maturity model (C2M2) | Department of Energy. Washington, DC."},{"key":"86_CR51","unstructured":"FAIR. (2020). FAIR risk analytics platform management. FAIR-U Model. [Online]. https:\/\/www.fairinstitute.org\/fair-u. Accessed 26 Dec 2017."},{"key":"86_CR52","unstructured":"FAIR. (2017). What is a cyber value-at-risk model?. [Online]. http:\/\/www.fairinstitute.org\/blog\/what-is-a-cyber-value-at-risk-model. Accessed 26 Dec 2017."},{"key":"86_CR53","unstructured":"ISO. (2017). ISO - international organization for standardization. [Online]. https:\/\/www.iso.org\/home.html. Accessed 26 Dec 2017."},{"issue":"2","key":"86_CR54","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s42452-019-1931-0","volume":"2","author":"P Radanliev","year":"2020","unstructured":"Radanliev, P., De Roure, D., Nurse, J. R. C., Mantilla Montalvo, R., Cannady, S., Santos, O., Maddox, L. T., et al. (2020). Future developments in standardisation of cyber risk in the Internet of Things (IoT). SN Applied Sciences, 2(2), 1\u201316.","journal-title":"SN Applied Sciences"},{"issue":"4","key":"86_CR55","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1016\/j.joi.2017.08.007","volume":"11","author":"M Aria","year":"2017","unstructured":"Aria, M., & Cuccurullo, C. (2017). bibliometrix: An R-tool for comprehensive science mapping analysis. Journal of Informetrics, 11(4), 959\u2013975.","journal-title":"Journal of Informetrics"},{"key":"86_CR56","unstructured":"Jan van Eck, N., & Waltman, L. Software survey: VOSviewer, a computer program for bibliometric mapping."},{"key":"86_CR57","unstructured":"Taleb, N. N. (2007). The black swan: second edition by Nassim Nicholas Taleb: 9780812973815 | PenguinRandomHouse.com: Books. Penguin Random House Trade. [Online]. https:\/\/www.penguinrandomhouse.com\/books\/176226\/the-black-swan-second-edition-by-nassim-nicholas-taleb\/. Accessed 12 June 2021."},{"key":"86_CR58","doi-asserted-by":"publisher","unstructured":"Roche, E. M. (2016). Superforecasting: The art and science of prediction. By Philip Eyrikson Tetlock and Dan Gardner. New York, N.Y.: Crown Publishers, 2015. Journal of Strategic Security, 9(1), 144\u2013145. https:\/\/doi.org\/10.5038\/1944-0472.9.1.1519. Available at: https:\/\/scholarcommons.usf.edu\/jss\/vol9\/iss1\/14.","DOI":"10.5038\/1944-0472.9.1.1519"}],"container-title":["The Review of Socionetwork Strategies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12626-021-00086-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12626-021-00086-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12626-021-00086-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,19]],"date-time":"2021-11-19T15:27:53Z","timestamp":1637335673000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12626-021-00086-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,22]]},"references-count":58,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,11]]}},"alternative-id":["86"],"URL":"https:\/\/doi.org\/10.1007\/s12626-021-00086-5","relation":{},"ISSN":["2523-3173","1867-3236"],"issn-type":[{"value":"2523-3173","type":"print"},{"value":"1867-3236","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,22]]},"assertion":[{"value":"13 February 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 June 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 July 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"On behalf of all authors, the corresponding author states that there is no conflict or competing interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of interest"}}]}}