Professor Jaco van de Pol will lead the DIREC project Secure IoT systems (SIoT), which aims to model security threats and countermeasures for IoT systems and services, to develop secure solutions, and to analyze residual security risks.
“Our goal with the SiOT project is to make it easier to design and certify secure IoT devices. Security and privacy are very important to many people and organizations that use IoT devices for measurements in smart cities, natural environments, logistics chains, and in their private homes. Engineering IoT devices is challenging, since they are physically small and must run on low power. Yet, they must perform accurate measurements and communicate with high efficiency. So how can one achieve security on top of that? We will provide new tools to model security threats, implement countermeasures, and analyze the final security risks”.
Jaco van de Pol continues: “I am happy to be able to work with a team that includes both academic researchers and industrial experts. This will ensure that the project addresses the right questions, and that we can find new solutions by combining the expertise from several disciplines. And we can evaluate the solutions in an industrial setting.”
The strategy is to use algorithms from automata theory and game theory to automate risk analysis and security strategy synthesis. The implementation of the security policies will consider both technical as well as social aspects, in particular usability in organizations and training of people.
For TERMA A/S, who are part of the project, their motivation is to be aware of the landscape in IoT systems in order to make them more cyber-resilient. Samant Khajuria, Chief Specialist Cybersecurity at TERMA A/S, explains:
“When we integrate IoT systems in our line of business, our main purpose is to provide safety for critical systems. Our systems go both to the defense and civilian sector such as Wind Farms, airports or harbors. We know that IoT devices sooner or later become obvious pieces of the puzzle in providing good systems in the future. And before integrating in systems like this we need to understand the threats and risks. Secondly, we would like to collaborate with universities in Denmark, because the researchers are working with this everyday. We are merely the users of the technology.”
Jørgen Hartig is Managing Director and Partner in SecurIOT, who are also part of the project. He hopes the project will help create the needed awareness on both sides of the “table” about the environment of industry 4.0. They often hear customers saying: “Why would the hackers go for us? We do not produce anything interesting…” or “the production has been for 25 years, and we haven’t had an issue” or “there are no connections between IT systems and OT systems.”
“The last statement will be challenged dramatically in the next 5-10 years. IoT and OT vendors will come out with new technology solutions that will utilize cloud-enabled applications and 5G connections to the factory floor, so there will be no “air-gap” in the future. I am not saying it is wrong, I am just saying that the consumers and IoT vendors need to work with the cyber threats and risks in a structured way.”
According to Gert Læssøe Mikkelsen, Head of Security Lab at the Alexandra Institute, there is a need for improved cyber security in IoT, which is also the reason why they participate in the project:
“We see a need for academic research in close collaboration with industry to deal with this. We hope that the tools and methodologies developed in this project will be deployed and improve the cybersecurity of IoT so we are all ready for the future, where we both expect an increase in the threats from cybercriminals and, as a consequence, an increase in requirements and regulation in this area that the industry must be ready to handle.”