Plant & Works Engineering
Home
Menu
Improving cyber-security requires major coordinated effort
Published:  29 March, 2018

Government, industry, system operators and the engineering profession must act together in a coordinated way to improve cyber safety and ensure that the Internet of Things develops in a secure and trusted way, according to two new reports published by the Royal Academy of Engineering and the PETRAS Internet of Things research hub.

The reports together cover the Internet of Things and other digitally connected systems such as industrial control systems and building management systems.

Cyber safety and resilience: strengthening the digital systems that support the modern economy is published by the Royal Academy of Engineering, compiled by a group of expert Academy Fellows, chaired by Prof Nick Jennings CB FREng, Vice Provost and Professor of Artificial Intelligence at Imperial College London.

While Internet of Things: realising the potential of a trusted smart world

is published by the PETRAS Cyber-security of the Internet of Things Research Hub and the Royal Academy of Engineering, and was compiled by a group of experts from PETRAS and the Academy, chaired by Paul Taylor FREng, UK Lead Partner - Cyber Security at KPMG.

Together they highlight that digital technologies have a huge variety of applications from industry-level uses like electricity generation plant, to consumer applications such as fitness devices and smart home hubs, and that the integration of physical and digital systems creates many opportunities to realise economic, social and environmental benefits across business and society.

The reports also warn, however, that digitally connected systems need to be designed with safety and resilience in mind to minimise future risk. They could be vulnerable both to cyber-attacks and non-malicious events such as natural hazards or the failure of components and the impact can be increased where systems are interdependent.

As the number of IoT devices increases in homes, workplaces and public spaces, the studies consider the potential for more aspects of people’s lives to be observed. IoT devices can violate norms of private space - for IoT systems that control or process personal data, there may also be privacy threats from data sharing.

The reports recommend that the evolving nature of the challenges will require continual responsiveness and agility by government, regulators, organisations and their supply chains. While they conclude that there is no silver bullet for improving cyber-security and resilience, they call on organisations to demand that products are ‘secure by default’, and recommend a number of measures, including: Mandatory risk management procedures should be considered for critical infrastructure; supply chain transparency; international ‘umbrella agreements’ on IoT; Eehical frameworks.

The reports also highlight that the UK in a strong position to lead the development of appropriate international standards and regulation, as a result of its world-class expertise in cyber-security, safety-critical systems, software engineering, hardware security, artificial intelligence and social sciences.