{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,11]],"date-time":"2026-07-11T10:12:15Z","timestamp":1783764735627,"version":"3.55.0"},"reference-count":115,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2022,12,5]],"date-time":"2022-12-05T00:00:00Z","timestamp":1670198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2022,12,31]]},"abstract":"<jats:p>Internet of Things (IoT)-enabled devices are becoming integrated into a significant and increasing proportion of critical infrastructures, changing the cybersecurity-risk landscape. Risk is being introduced to industry sectors such as transport, energy, and manufacturing, with new attack surfaces exposed and potential for increased harm. Furthermore, risk and harm arising in the Industrial IoT (IIoT) could propagate across interconnected organisations and sectors, resulting in systemic risk. Aspects of this changing risk landscape are not addressed by current cybersecurity approaches, leaving cybersecurity-capability gaps. In this article, we show how current and emerging cybersecurity needs in the IIoT align with a key industry cybersecurity standard, the NIST Cyber Security Framework. The key capability gaps emerging in the IIoT are identified based on our findings from a series of workshops with over 100 expert participants. We present a comprehensive research agenda to enable researchers to prioritise research focus to address these gaps; this research agenda covers the full lifecycle of IIoT development (design, implementation, use and decommission). Furthermore, we conclude that there is a significant gap in understanding of the nature of systemic risk, which should be a key priority if we are to develop effective solutions for cybersecurity and safety in IIoT environments.<\/jats:p>","DOI":"10.1145\/3503920","type":"journal-article","created":{"date-parts":[[2022,3,28]],"date-time":"2022-03-28T11:45:39Z","timestamp":1648467939000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Emerging Cybersecurity Capability Gaps in the Industrial Internet of Things: Overview and Research Agenda"],"prefix":"10.1145","volume":"3","author":[{"given":"Louise","family":"Axon","sequence":"first","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Katherine","family":"Fletcher","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Arianna Schuler","family":"Scott","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Marcel","family":"Stolz","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Robert","family":"Hannigan","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ali El","family":"Kaafarani","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Goldsmith","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sadie","family":"Creese","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,12,5]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"National Institute of Standards and Technology (NIST). 2021. Cybersecurity Framework v1.1. Retrieved January 27 2021 from https:\/\/www.nist.gov\/cyberframework."},{"key":"e_1_3_1_3_2","unstructured":"Center for Internet Security. 2019. CIS Controls. Retrieved January 27 2021 from https:\/\/www.cisecurity.org\/controls\/."},{"key":"e_1_3_1_4_2","unstructured":"ISO. ISO\/IEC27001Informationsecuritymanagement. Retrieved January 27 2021 from https:\/\/www.iso.org\/isoiec-27001-information-security.html."},{"key":"e_1_3_1_5_2","unstructured":"National Cyber Security Centre. CyberEssentials. Retrieved January 27 2021 from https:\/\/www.cyberessentials.ncsc.gov.uk\/."},{"key":"e_1_3_1_6_2","unstructured":"Industrial Internet Consortium. 2019. IoT security maturity model: Description and intended use. Retrieved January 27 2021 from https:\/\/www.iiconsortium.org\/pdf\/SMM_Description_and_Intended_Use_FINAL_Updated_V1.1.pdf."},{"key":"e_1_3_1_7_2","unstructured":"Industrial Internet Consortium. 2019. The Industrial Internet of Things managing and assessing trustworthiness for IIoT in practice. [Whitepaper] Retrieved June 10 2020 from https:\/\/www.iiconsortium.org\/pdf\/Managing_and_Assessing_Trustworthiness_for_IIoT_in_Practice_Whitepaper_2019_07_29.pdf."},{"key":"e_1_3_1_8_2","unstructured":"European Union Agency for Network and Information Security (ENISA). 2018. Good practices for security of Internet of Things in the context of smart manufacturing. Retrieved January 27 2021 from https:\/\/www.enisa.europa.eu\/publications\/good-practices-for-security-of-iot\/at_download\/fullReport."},{"key":"e_1_3_1_9_2","unstructured":"IoT Security Institute. Smart cities & critical infrastructure framework. Retrieved January 27 2021 from https:\/\/iotsecurityinstitute.com\/iotsec\/index.php\/artefacts."},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","unstructured":"M. Fagan K. N. Megas K. A. Scarfone and M. Smith. 2020. NIST8259A IoT device cybersecurity capability core baseline. NIST 8259A. National Institute of Standards and Technology . Retrieved January 27 2021 from https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/8259a\/final.","DOI":"10.6028\/NIST.IR.8259a"},{"key":"e_1_3_1_11_2","doi-asserted-by":"crossref","unstructured":"M. Fagan K. N. Megas K. A. Scarfone and M. Smith. 2020. Foundational cybersecurity activities for IoT device manufacturers. NIST 8259. National Institute of Standards and Technology . (May 2020). Retrieved January 27 2020 from https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/8259\/final.","DOI":"10.6028\/NIST.IR.8259"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jmsy.2018.03.006"},{"key":"e_1_3_1_13_2","first-page":"716","volume-title":"Proceedings of the IIE Annual Conference.","author":"Ren A.","year":"2017","unstructured":"A. Ren, D. Wu, W. Zhang, J. Terpenny, and P. Liu. 2017. Cyber security in smart manufacturing: Survey and challenges. In Proceedings of the IIE Annual Conference. Institute of Industrial and Systems Engineers, 716\u2013721."},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1080\/23742917.2016.1252211"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/MPEL.2017.2761422"},{"key":"e_1_3_1_16_2","volume-title":"National Institute of Standards and Technology","author":"McCarthy J.","year":"2019","unstructured":"J. McCarthy, and D. Faatz. 2019. Securing the industrial internet of things: Security of distributed energy resources. National Institute of Standards and Technology, Tech. Rep."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.01.029"},{"issue":"3","key":"e_1_3_1_18_2","doi-asserted-by":"crossref","first-page":"450","DOI":"10.1016\/j.clsr.2017.12.004","article-title":"Avoiding the internet of insecure industrial things","volume":"34","author":"Urquhart L.","year":"2018","unstructured":"L. Urquhart and D. McAuley. 2018. Avoiding the internet of insecure industrial things. Computer law & Security Review 34, 3 (2018), 450\u2013466.","journal-title":"Computer law & Security Review"},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.5555\/3103559"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2869847"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/2744769.2747942"},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2822842"},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2018.09.004"},{"key":"e_1_3_1_24_2","first-page":"641","volume-title":"Proceedings of the 2017 21st International Conference on System Theory, Control and Computing","author":"van Lier B.","year":"2017","unstructured":"B. van Lier. 2017. The industrial internet of things and cyber security: An ecological and systemic perspective on security in digital industrial ecosystems. In Proceedings of the 2017 21st International Conference on System Theory, Control and Computing. IEEE, 641\u2013647."},{"key":"e_1_3_1_25_2","volume-title":"Proceedings of the Living in the Internet of Things: Cybersecurity of the IoT-2018","author":"Radanliev P.","year":"2018","unstructured":"P. Radanliev, D. De Roure, J. R. Nurse, R. Nicolescu, M. Huth, S. Cannady, and R. M. Montalvo. 2018. Integration of cyber security frameworks, models and approaches for building design principles for the internet- of-things in industry 4.0. In Proceedings of the Living in the Internet of Things: Cybersecurity of the IoT-2018."},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/WF-IoT.2015.7389155"},{"key":"e_1_3_1_27_2","volume-title":"Proceedings of the 3rd International Conference on Emerging Technologies in Engineering, Biomedical, Medical and Science","author":"Lamba A.","year":"2017","unstructured":"A. Lamba, S. Singh, S. Balvinder, N. Dutta, and S. Rela. 2017. Mitigating cyber security threats of industrial control systems (scada & dcs). In Proceedings of the 3rd International Conference on Emerging Technologies in Engineering, Biomedical, Medical and Science."},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.icte.2018.02.001"},{"key":"e_1_3_1_29_2","article-title":"Smart factories, dumb policy?: Managing cybersecurity and data privacy risks in the industrial internet of things","author":"Shackelford S.","year":"2020","unstructured":"S. Shackelford. 2020. Smart factories, dumb policy?: Managing cybersecurity and data privacy risks in the industrial internet of things. Minnesota Journal of Law, Science & Technology 21, 1 (2020), 18--80.","journal-title":"Minnesota Journal of Law, Science & Technology"},{"key":"e_1_3_1_30_2","first-page":"421","volume-title":"Proceedings of the International Conference on Internet of Things and Big Data","volume":"2","author":"Romero-Mariona J.","year":"2016","unstructured":"J. Romero-Mariona, R. Hallman, M. Kline, J. San Miguel, M. Major, and L. Kerr. 2016. Security in the industrial internet of things-the c-sec approach. In Proceedings of the International Conference on Internet of Things and Big Data, 2. SCITEPRESS, (2016), 421\u2013428."},{"key":"e_1_3_1_31_2","volume-title":"Trend Study Kaspersky Reports","author":"Schwab W.","year":"2018","unstructured":"W. Schwab and M. Poujol. 2018. The State of Industrial Cybersecurity 2018. Trend Study Kaspersky Reports. Tech. Rep."},{"key":"e_1_3_1_32_2","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-32125-7","volume-title":"Cyber-security of SCADA and other Industrial Control Systems","author":"Colbert E. J.","year":"2016","unstructured":"E. J. Colbert and A. Kott. 2016. Cyber-security of SCADA and other Industrial Control Systems. Springer."},{"key":"e_1_3_1_33_2","volume-title":"Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS","author":"Macaulay T.","year":"2011","unstructured":"T. Macaulay and B. L. Singer. 2011. Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS. CRC Press."},{"key":"e_1_3_1_34_2","first-page":"761","article-title":"Industrial cyber vulnerabilities: Lessons from Stuxnet and the internet of things","volume":"72","author":"Trautman L. J.","year":"2017","unstructured":"L. J. Trautman and P. C. Ormerod. 2017. Industrial cyber vulnerabilities: Lessons from Stuxnet and the internet of things. U. Miami L. Rev. 72, 1 (2017), 761.","journal-title":"U. Miami L. Rev."},{"key":"e_1_3_1_35_2","first-page":"47","volume-title":"Proceedings of the Cyber Security of Industrial Control Systems in the Future Internet Environment","author":"Garda\u0161evi\u0107 G.","year":"2020","unstructured":"G. Garda\u0161evi\u0107, L. Berbakov, and A. Mastilovi\u0107. 2020. Cybersecurity of industrial internet of things. In Proceedings of the Cyber Security of Industrial Control Systems in the Future Internet Environment. IGI Global, (2020), 47\u201368."},{"issue":"250","key":"e_1_3_1_36_2","first-page":"2","article-title":"Cybersecurity management for (industrial) internet of things: Challenges and opportunities","volume":"8","author":"Maximilian L.","year":"2018","unstructured":"L. Maximilian, E. Markl, and A. Mohamed. 2018. Cybersecurity management for (industrial) internet of things: Challenges and opportunities. Journal of Information Technology & Software Engineering 8, 250 (2018), 2.","journal-title":"Journal of Information Technology & Software Engineering"},{"key":"e_1_3_1_37_2","first-page":"1","volume-title":"Proceedings of the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications","author":"Drias Z.","year":"2015","unstructured":"Z. Drias, A. Serhrouchni, and O. Vogel. 2015. Analysis of cyber security for industrial control systems. In Proceedings of the 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications. IEEE, 1\u20138."},{"key":"e_1_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2020.3011208"},{"key":"e_1_3_1_39_2","unstructured":"I. Brass M. Carr P. Kruakae and L. Tanczer. 2019. Cybersecurity of the Internet of Things . PETRAS Stream Report. Retrieved January 27 2021 from https:\/\/www.researchgate.net\/publication\/335175129_Standards_Governance_and_Policy_Cybersecurity_of_the_Internet_of_Things_IoT_PETRAS_Stream_Report."},{"key":"e_1_3_1_40_2","volume-title":"Center for Strategic and International Studies","author":"Crumpler W.","year":"2019","unstructured":"W. Crumpler and J. A. Lewis. 2019. The cybersecurity workforce gap. Center for Strategic and International Studies, Washington, DC. Retrieved July 3, 2020 from https:\/\/www.csis.org\/analysis\/cybersecurity-workforce-gap."},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.20944\/preprints201903.0111.v1"},{"key":"e_1_3_1_42_2","first-page":"217","article-title":"The industrial internet of things: Risks, liabilities, and emerging legal issues","volume":"62","author":"Paez M.","year":"2017","unstructured":"M. Paez and K. Tobitsch. 2017. The industrial internet of things: Risks, liabilities, and emerging legal issues. NYL Sch. L. Rev. 62, 1 (2017), 217.","journal-title":"NYL Sch. L. Rev."},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2017.3680959"},{"issue":"7","key":"e_1_3_1_45_2","first-page":"36","article-title":"Cybersecurity defense for industrial process-control systems","volume":"123","author":"Baldi M.","year":"2016","unstructured":"M. Baldi. 2016. Cybersecurity defense for industrial process-control systems. Chemical Engineering 123, 7 (2016), 36.","journal-title":"Chemical Engineering"},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2912022"},{"key":"e_1_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-017-2219-z"},{"key":"e_1_3_1_48_2","volume-title":"Proceedings of the Living in the Internet of Things","author":"Craggs B.","year":"2019","unstructured":"B. Craggs, A. Rashid, C. Hankin, R. Antrobus, O. Serban, and N. Thapen. 2019. A reference architecture for IIoT and industrial control systems testbeds. In Proceedings of the Living in the Internet of Things."},{"key":"e_1_3_1_49_2","first-page":"24","volume-title":"Proceedings of the 10th International Conference on Emerging Security Information, Systems and Technologies","author":"Arnaert M.","year":"2016","unstructured":"M. Arnaert, Y. Bertrand, and K. Boudaoud. 2016. Modeling vulnerable internet of things on shodan and censys: An ontology for cyber security. In Proceedings of the 10th International Conference on Emerging Security Information, Systems and Technologies. 24\u201328."},{"key":"e_1_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.02.009"},{"key":"e_1_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2018.05.002"},{"key":"e_1_3_1_52_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10845-017-1315-5"},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/SOLI.2018.8476769"},{"key":"e_1_3_1_54_2","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1016\/j.jnca.2019.02.022","article-title":"Implementation of deep packet inspection in smart grids and industrial internet of things: Challenges and opportunities","volume":"135","author":"De La Torre G.","year":"2019","unstructured":"G. De La Torre, P. Rad, and K.-K. R. Choo. 2019. Implementation of deep packet inspection in smart grids and industrial internet of things: Challenges and opportunities. Journal of Network and Computer Applications 135, 1 (2019), 32\u201346.","journal-title":"Journal of Network and Computer Applications"},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2019.04.020"},{"key":"e_1_3_1_56_2","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1109\/ICPHYS.2018.8387655","volume-title":"Proceedings of the 2018 IEEE Industrial Cyber-Physical Systems","author":"Settanni G.","year":"2018","unstructured":"G. Settanni, F. Skopik, A. Karaj, M. Wurzenberger, and R. Fiedler. 2018. Protecting cyber physical production systems using anomaly detection to enable self-adaptation. In Proceedings of the 2018 IEEE Industrial Cyber-Physical Systems. IEEE, 173\u2013180."},{"key":"e_1_3_1_57_2","unstructured":"NIST Information Technology Laboratory Computer Security Resource Centre. Lightweight Cryptography project. Retrieved February 1 2021 from https:\/\/csrc.nist.gov\/Projects\/lightweight-cryptography."},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-56405-6_7"},{"key":"e_1_3_1_59_2","first-page":"153","volume-title":"Proceedings of the 2018 IEEE International Conference on Industrial Internet","author":"Laszka A.","year":"2018","unstructured":"A. Laszka, W. Abbas, Y. Vorobeychik, and X. Koutsoukos. 2018. Synergistic security for the industrial internet of things: Integrating redundancy, diversity, and hardening. In Proceedings of the 2018 IEEE International Conference on Industrial Internet. IEEE, 153\u2013158."},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2841049"},{"key":"e_1_3_1_61_2","first-page":"2088","article-title":"A reliable next generation cyber security architecture for industrial internet of things environment","volume":"10","author":"Vijayakumaran C.","year":"2020","unstructured":"C. Vijayakumaran, B. Muthusenthil, and B. Manickavasagam. 2020. A reliable next generation cyber security architecture for industrial internet of things environment. International Journal of Electrical & Computer Engineering 10, 1 (2020), 2088\u20138708.","journal-title":"International Journal of Electrical & Computer Engineering"},{"key":"e_1_3_1_62_2","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1109\/RWEEK.2018.8473517","volume-title":"Proceedings of the 2018 Resilience Week","author":"Mylrea M.","year":"2018","unstructured":"M. Mylrea and S. N. G. Gourisetti. 2018. Blockchain for supply chain cybersecurity, optimization and compliance. In Proceedings of the 2018 Resilience Week. IEEE, 70\u201376."},{"key":"e_1_3_1_63_2","unstructured":"CyberX. 2020. 2020 global IoT\/ICS risk report. Retrieved January 27 2021 from https:\/\/cyberx-labs.com\/resources\/risk-report-2020."},{"key":"e_1_3_1_65_2","unstructured":"IoT Security Institute. Smart cities & critical infrastructure professional certification. Retrieved June 10 2020 from https:\/\/iotsecurityinstitute.com\/iotsec\/index.php\/iotsi-certified."},{"key":"e_1_3_1_66_2","doi-asserted-by":"crossref","first-page":"4490","DOI":"10.1109\/IECON.2011.6120048","volume-title":"Proceedings of the IECON 2011-37th Annual Conference of the IEEE Industrial Electronics Society","author":"Karnouskos S.","year":"2011","unstructured":"S. Karnouskos. 2011. Stuxnet worm impact on industrial cyber-physical system security. In Proceedings of the IECON 2011-37th Annual Conference of the IEEE Industrial Electronics Society. IEEE, 4490\u20134494. Retrieved June 10, 2020 from https:\/\/ieeexplore.ieee.org\/document\/6120048."},{"key":"e_1_3_1_67_2","first-page":"61","volume-title":"Proceedings of the International Conference on Software Engineering Research and Practice.","author":"H\u00f6st M.","year":"2018","unstructured":"M. H\u00f6st, J. S\u00f6nnerup, M. Hell, and T. Olsson, 2018. Industrial practices in security vulnerability management for iot systems\u2013an interview study. In Proceedings of the International Conference on Software Engineering Research and Practice. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 61\u201367."},{"key":"e_1_3_1_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2016.2560919"},{"key":"e_1_3_1_69_2","unstructured":"S. Creese R. Hannigan A. El Kaafarani L. Axon K. Fletcher A. Schuler Scott and M. Stolz. 2020. Foresight review of cyber security for the industrial IoT. Lloyd's Register Foundation (July 2020). Retrieved from https:\/\/www.lrfoundation.org.uk\/en\/news\/cybersecurity-foresight-review\/(linkasof26\/10\/20)."},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2018.04.015"},{"key":"e_1_3_1_71_2","doi-asserted-by":"crossref","unstructured":"S. Mitchell. 2018. Managing shared risks in interdependent systems of smart cities. In Internet of Things for Things and by Things A. Chaudhuri (Ed.). Auerbach Publications 155--162.","DOI":"10.1201\/9781315200644-8"},{"key":"e_1_3_1_72_2","volume-title":"World Economic Forum","author":"Creese S.","year":"2020","unstructured":"S. Creese, J. Saunders, L. Axon and W. Dixon. 2020. Future series: Cybersecurity, Emerging Technology and Systemic Risk. World Economic Forum. Tech. Rep."},{"key":"e_1_3_1_73_2","unstructured":"FireEye. (December 13 2020). Highly evasive attacker leverages SolarWinds supply chain to compromise multiple global victims with SUNBURST backdoor. FireEye Threat Research . Retrieved January 27 2021 from https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/12\/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html."},{"key":"e_1_3_1_74_2","unstructured":"Industrial Internet Consortium. 2016. Industrial Internet of Things: Security Framework. Retrieved January 27 2021 from https:\/\/www.iiconsortium.org\/pdf\/IIC_PUB_G4_V1.00_PB-3.pdf."},{"key":"e_1_3_1_75_2","unstructured":"National Institute of Standards and Technology. 2018. Path Forward to Support Adaptation and Adoption of Cybersecurity Framework. Retrieved January 27 2021 from https:\/\/www.nist.gov\/system\/files\/documents\/2018\/02\/06\/session_iii_-_barrett_csf.pdf."},{"key":"e_1_3_1_76_2","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1007\/978-3-030-35642-2_9","volume-title":"Proceedings of the Combating Security Challenges in the Age of Big Data","author":"Fadlullah Z. M.","year":"2020","unstructured":"Z. M. Fadlullah and M. M. Fouda, 2020. Authentication methodology for securing machine-to-machine communication in smart grid. In Proceedings of the Combating Security Challenges in the Age of Big Data. Springer, Cham, 189\u2013213."},{"key":"e_1_3_1_77_2","unstructured":"The Heartbleed Bug. Retrieved February 1 2021 from https:\/\/heartbleed.com."},{"key":"e_1_3_1_78_2","unstructured":"Postscapes. 2020. IoT Standards and Protocols. Retrieved February 2 2021 from https:\/\/www.postscapes.com\/internet-of-things-protocols\/."},{"key":"e_1_3_1_79_2","unstructured":"Cisco Press. 2019. IoT and Security Standards and Best Practices. Retrieved February 2 2021 from https:\/\/www.ciscopress.com\/articles\/article.asp?p=2923211&seqNum=4."},{"key":"e_1_3_1_80_2","unstructured":"European Commission. 2019. The EU Cybersecurity Act. Retrieved February 2 2021 from https:\/\/ec.europa.eu\/digital-single-market\/en\/eu-cybersecurity-act."},{"key":"e_1_3_1_81_2","unstructured":"National Institute of Standards and Technology (NIST). 2020. Recommendations for IoT Device Manufacturers. Retrieved February 2 2021 from https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2020\/NIST.IR.8259-draft2.pdf."},{"key":"e_1_3_1_82_2","unstructured":"UK Government. 2020. Press release: Government to Strengthen Security of Internet-connected Products. Retrieved February 2 2021 from https:\/\/www.gov.uk\/government\/news\/government-to-strengthen-security-of-internet-connected-products."},{"key":"e_1_3_1_83_2","unstructured":"California Legislative Information. 2018. Information Privacy: Connected Devices. Retrieved February 2 2021 from https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201720180SB327."},{"key":"e_1_3_1_84_2","unstructured":"Ponemon Institute. 2020. The Economic Value of Prevention in the Cybersecurity Lifecycle. Retrieved February 2 2021 from https:\/\/ponemonsullivanreport.com\/2020\/04\/the-economic-value-of-prevention-in-the-cybersecurity-lifecycle\/."},{"key":"e_1_3_1_85_2","unstructured":"European Union Aviation Safety Agency. 2019. NPA 2019-01 Aircraft Cybersecurity. Retrieved August 31 2021 from https:\/\/www.easa.europa.eu\/document-library\/notices-of-proposed-amendment\/npa-2019-01."},{"key":"e_1_3_1_86_2","first-page":"305","volume-title":"Proceedings of the 11th ACM Conference on Data and Application Security and Privacy","author":"Zahran B.","year":"2021","unstructured":"B. Zahran, A. Hussaini, and A. Ali-Gombe. 2021. IIoT-ARAS: IIoT\/ICS Automated risk assessment system for prediction and prevention. In Proceedings of the 11th ACM Conference on Data and Application Security and Privacy. 305\u2013307."},{"key":"e_1_3_1_87_2","first-page":"1","volume-title":"Proceedings of the 2020 International Conference on Computer Science, Engineering and Applications.","author":"Puri V.","year":"2020","unstructured":"V. Puri, I. Priyadarshini, R. Kumar and L. C. Kim. 2020. Blockchain meets IIoT: An architecture for privacy preservation and security in IIoT. In Proceedings of the 2020 International Conference on Computer Science, Engineering and Applications. IEEE, 1\u20137."},{"key":"e_1_3_1_88_2","first-page":"1","volume-title":"Proceedings of the IEEE INFOCOM 2021-IEEE Conference on Computer Communications Workshops.","author":"Sheikh N.","year":"2021","unstructured":"N. Sheikh, M. Pawar, and V. Lawrence, 2021. Zero trust using network micro segmentation. In Proceedings of the IEEE INFOCOM 2021-IEEE Conference on Computer Communications Workshops. IEEE, 1\u20136."},{"key":"e_1_3_1_89_2","unstructured":"National Institute of Standards and Technology. 2020. Zero Trust Architecture. Retrieved August 31 2021 from https:\/\/www.nist.gov\/publications\/zero-trust-architecture?TB_iframe=true&width=921.6&height=921.6."},{"key":"e_1_3_1_90_2","first-page":"88","volume-title":"Proceedings of the 2018 IEEE International Congress on Internet of Things.","author":"Samaniego M.","year":"2018","unstructured":"M. Samaniego and R. Deters. 2018. Zero-trust Hierarchical Management in IoT. In Proceedings of the 2018 IEEE International Congress on Internet of Things. IEEE, 88\u201395."},{"key":"e_1_3_1_91_2","doi-asserted-by":"crossref","first-page":"184","DOI":"10.1109\/Blockchain.2019.00032","volume-title":"Proceedings of the 2019 IEEE International Conference on Blockchain.","author":"Malik S.","year":"2019","unstructured":"S. Malik, V. Dedeoglu, S. S. Kanhere and R. Jurdak. 2019. Trustchain: Trust management in blockchain and iot supported supply chains. In Proceedings of the 2019 IEEE International Conference on Blockchain. IEEE, 184\u2013193."},{"key":"e_1_3_1_92_2","volume-title":"Trustworthy Services Through Attestation","author":"Lyle J.","year":"2011","unstructured":"J. Lyle. 2011. Trustworthy Services Through Attestation (Doctoral dissertation, Oxford University, UK)."},{"key":"e_1_3_1_93_2","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/j.compind.2018.10.004","article-title":"Cyber resilience protection for industrial internet of things: A software-defined networking approach","volume":"104","author":"Babiceanu R. F.","year":"2019","unstructured":"R. F. Babiceanu and R. Seker. 2019. Cyber resilience protection for industrial internet of things: A software-defined networking approach. Computers in Industry 104, 1 (2019), 47\u201358.","journal-title":"Computers in Industry"},{"key":"e_1_3_1_94_2","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/7181431"},{"key":"e_1_3_1_95_2","first-page":"203","volume-title":"Proceedings of the 2018 IEEE 6th International Conference on Future Internet of Things and Cloud","author":"Lipnicki P.","year":"2018","unstructured":"P. Lipnicki, D. Lewandowski, D. Pareschi, W. Pakos, and E. Ragaini. 2018. Future of IoTSP\u2013IT and OT integration. In Proceedings of the 2018 IEEE 6th International Conference on Future Internet of Things and Cloud. IEEE, 203\u2013207."},{"key":"e_1_3_1_96_2","doi-asserted-by":"publisher","DOI":"10.3390\/s18020574"},{"key":"e_1_3_1_97_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2018.01.036"},{"key":"e_1_3_1_98_2","doi-asserted-by":"publisher","DOI":"10.3390\/s20247160"},{"key":"e_1_3_1_99_2","volume-title":"Quarantine-mode Based Live Patching for Zero Downtime Safety-critical Systems","author":"Inchausti I. M.","year":"2019","unstructured":"I. M. Inchausti, E. J. Taquet, and J. P. Molina. 2019. Quarantine-mode Based Live Patching for Zero Downtime Safety-critical Systems (Doctoral dissertation, Universidad del Pa\u00eds Vasco-Euskal Herriko Unibertsitatea)."},{"key":"e_1_3_1_100_2","doi-asserted-by":"crossref","first-page":"367","DOI":"10.1016\/j.jmsy.2020.10.011","article-title":"Securing IIoT using defence-in-depth: towards an end-to-end secure industry 4.0","volume":"57","author":"Mosteiro-Sanchez A.","year":"2020","unstructured":"A. Mosteiro-Sanchez, M. Barcelo, J. Astorga, and A. Urbieta. 2020. Securing IIoT using defence-in-depth: towards an end-to-end secure industry 4.0. Journal of Manufacturing Systems 57, 1 (2020), 367\u2013378.","journal-title":"Journal of Manufacturing Systems"},{"key":"e_1_3_1_101_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2017.2737630"},{"key":"e_1_3_1_102_2","doi-asserted-by":"publisher","DOI":"10.3390\/s20020501"},{"key":"e_1_3_1_103_2","doi-asserted-by":"crossref","first-page":"17","DOI":"10.3389\/fbloc.2019.00017","article-title":"A decentralized digital identity architecture","volume":"2","author":"Goodell G.","year":"2019","unstructured":"G. Goodell and T. Aste. 2019. A decentralized digital identity architecture. Frontiers in Blockchain 2, 1 (2019), 17.","journal-title":"Frontiers in Blockchain"},{"key":"e_1_3_1_104_2","first-page":"1","volume-title":"Proceedings of the 2020 Global Internet of Things Summit","author":"Fedrecheski G.","year":"2020","unstructured":"G. Fedrecheski, J. M. Rabaey, L. C. Costa, P. C. C. Ccori, W. T. Pereira, and M. K. Zuffo. 2020. Self-sovereign identity for IoT environments: A perspective. In Proceedings of the 2020 Global Internet of Things Summit. IEEE, 1\u20136."},{"key":"e_1_3_1_105_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2863244"},{"key":"e_1_3_1_106_2","first-page":"139","volume-title":"Proceedings of the 2018 IEEE International Conference on Industrial Internet","author":"Moustafa N.","year":"2018","unstructured":"N. Moustafa, B. Turnbull, and K. K. R. Choo. 2018. Towards automation of vulnerability and exploitation identification in IIoT networks. In Proceedings of the 2018 IEEE International Conference on Industrial Internet. IEEE, 139\u2013145."},{"key":"e_1_3_1_107_2","doi-asserted-by":"publisher","DOI":"10.3390\/app10134482"},{"key":"e_1_3_1_108_2","doi-asserted-by":"publisher","DOI":"10.3390\/s20247148"},{"issue":"2","key":"e_1_3_1_109_2","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1504\/IJITST.2018.093336","article-title":"Managing incident response in the industrial internet of things","volume":"8","author":"Cook A.","year":"2018","unstructured":"A. Cook, L. Maglaras, R. Smith, and H. Janicke. 2018. Managing incident response in the industrial internet of things. International Journal of Internet Technology and Secured Transactions 8, 2 (2018), 251\u2013276.","journal-title":"International Journal of Internet Technology and Secured Transactions"},{"key":"e_1_3_1_110_2","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1016\/j.ijcip.2018.04.004","article-title":"Integrated protection of industrial control systems from cyber-attacks: the ATENA approach","volume":"21","author":"Adamsky F.","year":"2018","unstructured":"F. Adamsky, M. Aubigny, F. Battisti, M. Carli, F. Cimorelli, T. Cruz, A. Di Giorgio, C. Foglietta, A. Galli, A. Giuseppi, and F. Liberati. 2018. Integrated protection of industrial control systems from cyber-attacks: the ATENA approach. International Journal of Critical Infrastructure Protection 21, 1 (2018), 72\u201382.","journal-title":"International Journal of Critical Infrastructure Protection"},{"key":"e_1_3_1_111_2","first-page":"199","volume-title":"Proceedings of the 2018 IEEE 3rd International Conference on Computing, Communication and Security.","author":"Garimella P. K.","year":"2018","unstructured":"P. K. Garimella. 2018. IT-OT integration challenges in utilities. In Proceedings of the 2018 IEEE 3rd International Conference on Computing, Communication and Security. IEEE, 199\u2013204."},{"key":"e_1_3_1_112_2","first-page":"962","volume-title":"Proceedings of the IEEE","volume":"107","author":"Felser M.","year":"2019","unstructured":"M. Felser, M. Rentschler, and O. Kleineberg. 2019. Coexistence standardization of operation technology and information technology. Proceedings of the IEEE 107, 6 (2019), 962\u2013976."},{"key":"e_1_3_1_113_2","unstructured":"N. Ulltveit-Moe H. Nergaard L. Erd\u00f6di T. Gj\u00f8s\u00e6ter E. Kolstad and P. Berg. 2016. Secure information sharing in an industrial Internet of Things. arXiv:1601.04301. Retrieved from https:\/\/arxiv.org\/abs\/1601.04301."},{"key":"e_1_3_1_114_2","unstructured":"isITethical Key Terms Retrieved August 31 2021 from https:\/\/www.isitethical.org\/key-terms\/."},{"key":"e_1_3_1_115_2","doi-asserted-by":"publisher","DOI":"10.3390\/app10165607"},{"key":"e_1_3_1_116_2","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1145\/3140241.3140253","volume-title":"Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and Privacy","author":"Antonioli D.","year":"2017","unstructured":"D. Antonioli, H. R. Ghaeini, S. Adepu, M. Ochoa, and N. O. Tippenhauer. 2017. Gamifying ICS security training and research: Design, implementation, and results of S3. In Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and Privacy. 93\u2013102."},{"key":"e_1_3_1_117_2","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1109\/CySWater.2016.7469060","volume-title":"Proceedings of the 2016 International Workshop on Cyber-physical Systems for Smart Water Networks","author":"Mathur A. P.","year":"2016","unstructured":"A. P. Mathur and N. O. Tippenhauer. 2016. SWaT: A water treatment testbed for research and training on ICS security. In Proceedings of the 2016 International Workshop on Cyber-physical Systems for Smart Water Networks. IEEE, 31\u201336."},{"key":"e_1_3_1_118_2","doi-asserted-by":"crossref","unstructured":"Deloitte Industrial Internet of Things (IIoT) Security Services Retrieved August 31 2021 from https:\/\/www2.deloitte.com\/us\/en\/pages\/risk\/solutions\/industrial-internet-of-things-and-cybersecurity.html.","DOI":"10.1201\/9781003001126-4"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503920","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3503920","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:32Z","timestamp":1750188632000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503920"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,5]]},"references-count":115,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,12,31]]}},"alternative-id":["10.1145\/3503920"],"URL":"https:\/\/doi.org\/10.1145\/3503920","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"value":"2692-1626","type":"print"},{"value":"2576-5337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,12,5]]},"assertion":[{"value":"2021-02-04","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-12-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}