{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T20:11:22Z","timestamp":1776111082757,"version":"3.50.1"},"reference-count":77,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2024,10,10]],"date-time":"2024-10-10T00:00:00Z","timestamp":1728518400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Big Data"],"abstract":"Internet-of-Things (IoT) refers to low-memory connected devices used in various new technologies, including drones, autonomous machines, and robotics. The article aims to understand better cyber risks in low-memory devices and the challenges in IoT risk management. The article includes a critical reflection on current risk methods and their level of appropriateness for IoT. We present a dependency model tailored in context toward current challenges in data strategies and make recommendations for the cybersecurity community. The model can be used for cyber risk estimation and assessment and generic risk impact assessment. The model is developed for cyber risk insurance for new technologies (e.g., drones, robots). Still, practitioners can apply it to estimate and assess cyber risks in organizations and enterprises. Furthermore, this paper critically discusses why risk assessment and management are crucial in this domain and what open questions on IoT risk assessment and risk management remain areas for further research. The paper then presents a more holistic understanding of cyber risks in the IoT. We explain how the industry can use new risk assessment, and management approaches to deal with the challenges posed by emerging IoT cyber risks. We explain how these approaches influence policy on cyber risk and data strategy. We also present a new approach for cyber risk assessment that incorporates IoT risks through dependency modeling. The paper describes why this approach is well suited to estimate IoT risks.<\/jats:p>","DOI":"10.3389\/fdata.2024.1402745","type":"journal-article","created":{"date-parts":[[2024,10,10]],"date-time":"2024-10-10T04:49:03Z","timestamp":1728535743000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":42,"title":["AI security and cyber risk in IoT systems"],"prefix":"10.3389","volume":"7","author":[{"given":"Petar","family":"Radanliev","sequence":"first","affiliation":[]},{"given":"David","family":"De Roure","sequence":"additional","affiliation":[]},{"given":"Carsten","family":"Maple","sequence":"additional","affiliation":[]},{"given":"Jason R. C.","family":"Nurse","sequence":"additional","affiliation":[]},{"given":"Razvan","family":"Nicolescu","sequence":"additional","affiliation":[]},{"given":"Uchenna","family":"Ani","sequence":"additional","affiliation":[]}],"member":"1965","published-online":{"date-parts":[[2024,10,10]]},"reference":[{"key":"B1","volume-title":"Risk","author":"Adams","year":"1995"},{"key":"B2","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1080\/23738871.2018.1553989","article-title":"Comparative industrial policy and cybersecurity: a framework for analysis","volume":"3","author":"Aggarwal","year":"2018","journal-title":"J. Cyber Policy"},{"key":"B3","doi-asserted-by":"publisher","first-page":"1606","DOI":"10.1111\/risa.12864","article-title":"Security events and vulnerability data for cybersecurity risk estimation","volume":"37","author":"Allodi","year":"2017","journal-title":"Risk Analy."},{"key":"B4","first-page":"113","article-title":"\u201cModeling dependencies in security risk management,\u201d","volume-title":"Post-Proceedings of the 4th International Conference on Risks and Security of Internet and Systems, CRiSIS 2009","author":"Alpcan","year":"2009"},{"key":"B5","doi-asserted-by":"crossref","DOI":"10.1049\/cp.2018.0035","article-title":"\u201cPulse: an adaptive intrusion detection for the internet of things,\u201d","volume-title":"Living in the Internet of Things: Cybersecurity of the IoT","author":"Anthi","year":"2018"},{"key":"B6","first-page":"13","article-title":"\u201cPrivacy requirements: present and future,\u201d","volume-title":"2017 IEEE\/ACM 39th International Conference on Software Engineering: Software Engineering in Society Track (ICSE-SEIS)","author":"Anthonysamy","year":"2017"},{"key":"B7","doi-asserted-by":"publisher","first-page":"15796","DOI":"10.1007\/s41315-022-00239-x","article-title":"An effective optimization enabled deep learning based malicious behaviour detection in cloud computing","volume":"9","author":"Bhingarkar","year":"2022","journal-title":"Int. J. Intellig. Robot. Appl."},{"key":"B8","unstructured":"BidenJ.\n Washington, DCThe White HouseExecutive Order on Improving the Nation's Cybersecurit.2021"},{"key":"B9","volume-title":"Insurability of Cyber Risk 1","author":"Biener","year":"2014"},{"key":"B10","article-title":"\u201cStochastic modelling of the effects of interdependencies between critical infrastructure,\u201d","author":"Bloomfield","year":"2010","journal-title":"Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"B11","article-title":"\u201cStandards, governance and policy,\u201d","volume-title":"Cybersecurity of the Internet of Things (IoT): PETRAS Stream Report","author":"Brass","year":"2019"},{"key":"B12","doi-asserted-by":"crossref","DOI":"10.1049\/cp.2018.0024","article-title":"\u201cStandardising a moving target: the development and evolution of IoT security standards,\u201d","volume-title":"Living in the Internet of Things: Cybersecurity of the IoT - 2018","author":"Brass","year":"2018"},{"key":"B13","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/3213232.3213238","article-title":"Failures from the environment, a report on the first FAILSAFE workshop","volume":"48","author":"Breza","year":"2018","journal-title":"ACM SIGCOMM Comp. Commun. Rev."},{"key":"B14","doi-asserted-by":"publisher","first-page":"544","DOI":"10.1007\/s10664-011-9158-8","article-title":"A practice-driven systematic review of dependency analysis solutions","volume":"16","author":"Callo Arias","year":"2011","journal-title":"Empir. Softw. Eng."},{"key":"B15","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1080\/23738871.2017.1296878","article-title":"Cyber risk and the changing role of insurance","volume":"2","author":"Camillo","year":"2017","journal-title":"J. Cyber Policy"},{"key":"B16","author":"Caplan","year":"2000","journal-title":"Risk Revisited"},{"key":"B17","doi-asserted-by":"crossref","DOI":"10.21236\/ADA470450","volume-title":"Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process","author":"Caralli","year":"2007"},{"key":"B18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3390\/app12104880","article-title":"A configurable dependency model of a SCADA system for goal-oriented risk assessment","volume":"12","author":"Cherdantseva","year":"2022","journal-title":"Appl. Sci."},{"key":"B19","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.tej.2019.01.018","article-title":"Risk assessment at the edge: applying NERC CIP to aggregated grid-edge resources","volume":"32","author":"Christensen","year":"2019","journal-title":"Electr. J."},{"key":"B20","volume-title":"CISA Stakeholder-Specific Vulnerability Categorization Guide.","year":"2022"},{"key":"B21","unstructured":"What Is Capability Maturity Model Integration (CMMI)2017"},{"key":"B22","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1080\/23738871.2017.1361890","article-title":"The internet of things: preparing for the revolution","volume":"2","author":"Constance","year":"2017","journal-title":"J. Cyber Policy"},{"key":"B23","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/MC.2018.2141022","article-title":"Rebooting computers to avoid meltdown and spectre","volume":"51","author":"Conte","year":"2018","journal-title":"Computer"},{"key":"B24","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/SEsCPS.2017.5","article-title":"\u201cSmart cyber-physical systems: beyond usable security to security ergonomics by design,\u201d","volume-title":"2017 IEEE\/ACM 3rd International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS)","author":"Craggs","year":"2017"},{"key":"B25","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1080\/23738871.2018.1514061","article-title":"Gaps in United States Federal Government IoT security and privacy policies","volume":"3","author":"Crawford","year":"2018","journal-title":"J. Cyber Policy"},{"key":"B26","unstructured":"Common Vulnerability Scoring System SIG.2019"},{"key":"B27","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1007\/s10669-015-9540-y","article-title":"Systems engineering framework for cyber physical security and resilience","volume":"35","author":"DiMase","year":"2015","journal-title":"Environm. Syst. Deci."},{"key":"B28","unstructured":"Washington, DCOffice of the Deputy Assistant Secretary of Defense for Systems EngineeringRisk, Defense. Issue, and Opportunity Management Guide for Defense Acquisition Programs2017"},{"key":"B29","volume-title":"The Implementation of a Cybersecurity Testbed for Education and Research.","author":"Dubois","year":"2018"},{"key":"B30","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1093\/cybsec\/tyw003","article-title":"Hype and heavy tails: a closer look at data breaches","volume":"2","author":"Edwards","year":"2016","journal-title":"J. Cybersecu."},{"key":"B31","doi-asserted-by":"publisher","first-page":"e6","DOI":"10.1017\/S1357321718000284","article-title":"Cyber operational risk scenarios for insurance companies","volume":"24","author":"Egan","year":"2019","journal-title":"Br. Actuarial J."},{"key":"B32","doi-asserted-by":"crossref","first-page":"102545","DOI":"10.1016\/j.cose.2021.102545","article-title":"A system to calculate cyber value-at-risk","volume":"113","author":"Erola","year":"2022","journal-title":"Comput. Secur."},{"key":"B33","doi-asserted-by":"publisher","DOI":"10.4324\/9780429057632","article-title":"\u201cManaging cyber risk,\u201d","author":"Evans","year":"2019","journal-title":"Managing Cyber Risk"},{"key":"B34","unstructured":"Spokane, WAThe FAIR InstituteQuantitative Information Risk Management2017"},{"key":"B35","unstructured":"FAIR Risk Analytics Platform Management. FAIR-U Model2020"},{"key":"B36","unstructured":"North Carolina Chapter \u2014 FAIR Institute2023"},{"key":"B37","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1080\/23738871.2019.1586969","article-title":"Cyber negotiation: a cyber risk management approach to defend urban critical infrastructure from cyberattacks","volume":"4","author":"Falco","year":"2019","journal-title":"J. Cyber Policy"},{"key":"B38","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1108\/JGR-05-2016-0011","article-title":"Caught red-handed: the cost of the Volkswagen dieselgate","volume":"7","author":"Fracarolli Nunes","year":"2016","journal-title":"J. Global Responsib."},{"key":"B39","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1016\/j.simpat.2016.09.007","article-title":"Using virtual environments for the assessment of cybersecurity issues in IoT scenarios","volume":"73","author":"Furfaro","year":"2017","journal-title":"Simulat. Model. Pract. Theory"},{"key":"B40","article-title":"\u201cThe evolution of fraud: ethical implications in the age of large-scale data breaches and widespread artificial intelligence solutions deployment,\u201d","author":"Gupta","year":"2018","journal-title":"ITU Journal: ICT Discoveries, Special Issue."},{"key":"B41","doi-asserted-by":"crossref","first-page":"196","DOI":"10.1109\/ITT56123.2022.9863935","article-title":"\u201cFrom model-centric to data-centric AI: a paradigm shift or rather a complementary approach?,\u201d","volume-title":"2022 8th International Conference on Information Technology Trends (ITT)","author":"Hamid","year":"2022"},{"key":"B42","unstructured":"HowardM.\n Cybersecurity Improvement Act of 2017: The Ghost of Congress Past -2017"},{"key":"B43","unstructured":"Cyber Risk.2019"},{"key":"B44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1038\/s41598-022-13700-5","article-title":"Using deep learning to detect digitally encoded dna trigger for trojan malware in bio-cyber attacks","volume":"12","author":"Islam","year":"2022","journal-title":"Sci. Rep"},{"key":"B45","unstructured":"ISO- International Organization for Standardization2017"},{"key":"B46","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1109\/MSEC.2018.2888780","article-title":"The internet of things promises new benefits and risks: a systematic analysis of adoption dynamics of IoT products","volume":"17","author":"Jalali","year":"2019","journal-title":"IEEE Secur. Privacy"},{"key":"B47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1038\/s41598-022-17254-4","article-title":"Reliability model of the security subsystem countering to the impact of typed cyber-physical attacks","volume":"12","author":"Kovtun","year":"2022","journal-title":"Sci. Rep"},{"key":"B48","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.ijcip.2014.12.004","article-title":"Critical infrastructure dependencies: a holistic, dynamic and quantitative approach","volume":"8","author":"Laug\u00e9","year":"2015","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"B49","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1080\/23738871.2017.1362020","article-title":"Towards estimating the untapped potential: a global malicious DDoS mean capacity estimate","volume":"2","author":"Leverett","year":"2017","journal-title":"J. Cyber Policy"},{"key":"B50","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/s41315-021-00173-4","article-title":"Intelligent warehouse monitoring based on distributed system and edge computing","volume":"5","author":"Lin","year":"2021","journal-title":"Int. J. Intellig. Robot. Appl."},{"key":"B51","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/23738871.2019.1590437","article-title":"Enabling mass surveillance: data aggregation in the age of big data and the internet of things","volume":"2019","author":"Maras","year":"2019","journal-title":"J. Cyber Policy"},{"key":"B52","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1080\/23738871.2018.1546883","article-title":"A zero-sum game: the zero-day market in 2018","volume":"4","author":"Meakins","year":"2019","journal-title":"J. Cyber Policy"},{"key":"B53","year":"2014","journal-title":"Framework for Improving Critical Infrastructure Cybersecurity"},{"key":"B54","unstructured":"NVD - CVSS v3 Calculator. CVSS Version 3.12022"},{"key":"B55","unstructured":"United States Department of CommerceNational Telecommunications and Information AdministrationVulnerability-Exploitability EXchange (VEX).2021"},{"key":"B56","unstructured":"OASIS Common Security Advisory Framework (CSAF) TC.2022"},{"key":"B57","doi-asserted-by":"publisher","first-page":"34","DOI":"10.22215\/timreview\/714","article-title":"Protecting critical infrastructure by identifying pathways of exposure to risk","volume":"2013","author":"O'Neill","year":"2013","journal-title":"Technol. Innovat. Manage. Rev"},{"key":"B58","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1007\/s41315-022-00227-1","article-title":"IoT authentication model with optimized deep Q network for attack detection and mitigation","volume":"6","author":"Palekar","year":"2022","journal-title":"Int. J. Intellig. Robot. Appl."},{"key":"B59","doi-asserted-by":"publisher","first-page":"66","DOI":"10.69554\/HTTE6540","article-title":"Staying safe in an increasingly interconnected world: iot and cybersecurity","volume":"2","author":"Payton","year":"2018","journal-title":"Cyber Security"},{"key":"B60","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1080\/23738871.2018.1546884","article-title":"Russia's vision of cyberspace: a danger to regime security, public safety, and societal norms and cohesion","volume":"4","author":"Pigman","year":"2019","journal-title":"J. Cyber Policy"},{"key":"B61","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1109\/CIC.2018.00023","article-title":"\u201cA decentralized marketplace application on the ethereum blockchain,\u201d","volume-title":"2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC)","author":"Ranganthan","year":"2018"},{"key":"B62","unstructured":"\u201cH.R.5793 - 113th congress (2013-2014): cyber supply chain management and transparency act of 2014,\u201d\n RoyceE. R.\n Congress.Gov2014"},{"key":"B63","unstructured":"RussellB.\n Van DurenD.\n BirminghamPackt PublishingPractical Internet of Things Security: a Practical, Indispensable Security Guide That Will Navigate you Through the Complex Realm of Securely Building and Deploying Systems in our IoT-Connected World.2016"},{"key":"B64","unstructured":"SchindlerH. R.\n CaveJ. A. K.\n RobinsonN.\n HorvathV.\n HackettP. J.\n GunashekarS.\n Europe's Policy Options for a Dynamic and Trustworthy Development of the Internet of Things: SMART 2012\/00532013"},{"key":"B65","volume-title":"Rise of the Machines: The Dyn Attack was Just a Practice Run December 2016.","author":"Scott","year":"2016"},{"key":"B66","unstructured":"Protecting intellectual property and privacy in the digital age: the use of national cybersecurity strategies to mitigate cyber risk412445\n ShackelfordS. J.\n Chapman Law Rev.192016"},{"key":"B67","unstructured":"ShawR.\n TakantiV.\n ZulloT.\n Best practices in cyber supply chain risk management, Boeing and Exostar Cyber Security Supply Chain Risk Management - Interviews2017"},{"key":"B68","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1016\/j.future.2018.09.063","article-title":"Government regulations in cyber security: framework, standards and recommendations","volume":"92","author":"Srinivas","year":"2019","journal-title":"Future Generat. Comp. Syst."},{"key":"B69","doi-asserted-by":"crossref","DOI":"10.1049\/cp.2018.0033","article-title":"\u201cEmerging risks in the iot ecosystem: who's afraid of the big bad smart fridge?,\u201d","volume-title":"Living in the Internet of Things: Cybersecurity of the IoT","author":"Tanczer","year":"2018"},{"key":"B70","unstructured":"2022"},{"key":"B71","first-page":"1","article-title":"\u201cX-ray refine,\u201d","volume-title":"Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems - CHI '18","author":"Van Kleek","year":"2018"},{"key":"B72","unstructured":"Van WierenM.\n Van LuitE.\n EstourgieR.\n JacobsV.\n BultersJ.\n Cyber Value at Risk in The Netherlands2016"},{"key":"B73","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1140\/epjb\/e2015-60754-4","article-title":"The extreme risk of personal data breaches and the erosion of privacy","volume":"89","author":"Wheatley","year":"2016","journal-title":"Eur. Phys. J. B"},{"key":"B74","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1038\/sdata.2016.18","article-title":"The FAIR guiding principles for scientific data management and stewardship","volume":"3","author":"Wilkinson","year":"2016","journal-title":"Scientific Data"},{"key":"B75","unstructured":"\u201cMonte carlo methods to investigate how aggregated cyber insurance claims data impacts security investments,\u201d\n WoodsD.\n SimpsonA. C.\n Workshop on the Economics of Information Security (WEIS).2018"},{"key":"B76","unstructured":"WynnJ.\n WhitmoreG.\n UptonL.\n SpriggsD.\n McKinnonR.\n McInnesR.\n Bedford, MAMITRE CorporationThreat Assessment and Remediation Analysis (tara).2011"},{"key":"B77","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s41315-021-00182-3","article-title":"Introduction to the focused section on new trends of autonomous robot navigation","volume":"5","author":"Zhang","year":"2021","journal-title":"Int. J. Intellig. Robot. Appl"}],"container-title":["Frontiers in Big Data"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fdata.2024.1402745\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,10]],"date-time":"2024-10-10T04:49:17Z","timestamp":1728535757000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fdata.2024.1402745\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,10]]},"references-count":77,"alternative-id":["10.3389\/fdata.2024.1402745"],"URL":"https:\/\/doi.org\/10.3389\/fdata.2024.1402745","relation":{},"ISSN":["2624-909X"],"issn-type":[{"value":"2624-909X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,10]]},"article-number":"1402745"}}