IOT AAT (Techtalk)
Name N.Upender
Rollno 22955A6706
Subject Principles Of IOT
Subject Code ACIC10
TITLE
The impact of the Internet of Things (IoT), the emerging set of embedded sensors, actuators,
controllers, and communications devices, on future utilities and infrastructures from the
perspective of risk, reliability, and resilience. Given the need to safeguard from the
perspective of the utilities’ risk and presents a set of observations and recommendations
concerning utility deployment of the IoT.
The IoT presents a new and fundamentally different component with a highly uncertain risk
profile. These IoT systems will be densely deployed, highly integral, and likely autonomous
in operation, meaning that they could directly affect the operational reliability of a utility.
with risk-assessment experts from leading utilities, where it was stated that many utilities did
not realize the full extent of vulnerabilities within IoT devices, nor were they sure how to
incorporate that risk and uncertainty into their current risk-assessment models.
The key findings were as follows:
The understanding of IoT-related security vulnerabilities varies.
The impact of software vulnerabilities is poorly comprehended.
The risk models are poorly specified because the managers cannot gauge likelihood.
In the managers’ view, IoT manufacturers were responsible for mitigating this risk.
Risk and Uncertainty
Risk can informally be defined as an exposure to the possibility of an undesirable event.
These individual risks can then be incorporated in assessments by a variety of approaches to
provide a systems-level view. While determining how people judge a risk is more complex, a
common method for assigning quantitative values to risk is as follows:
Risk = Likelihood × Impact
In this simple formulation, risk can be thought of as the impact of an unwanted event multiplied
by the probability (or likelihood) of that event occurring. It is common to represent this impact
as a loss or a cost (e.g., financial impact), which can then be used to assess and compare events.
These individual risks can be aggregated to create system-level views of risk across a system,
and therefore can be used to assess when changes are made to the system (such as the addition
of IoT devices to a utility network).
Uncertainty is inherent to risk.
This uncertainty translates into a potential range of risk. Higher uncertainty means a larger range
of potential values.
By minimizing uncertainty, one can better understand risk. However, and not surprisingly, the
process of reducing uncertainty can be costly and involve a great deal of measurement, planning,
engineering, and testing.
Higher uncertainty as it relates to software can stem from a range of factors, such as poorly
written code, improper design assumptions, poorly defined requirements, and other unknown
factors.
With proper design, implementation, and testing, unwanted outcomes can be avoided, and
uncertainty can be reduced but not eliminated.
Vulnerabilities of the IoT
lack of software and security knowledge of the manufacturer
lack of incentives for the manufacturer to adopt secure methods
the common integration of poorly written publicly available code (including core operating system code)
the inability to update these IoT systems
the inability to disable these systems
the lack of industry standards dictating levels of security from a software perspective
the lack of information pertaining to the risk profile of each device
Understanding IoT Risk
Utilities need to better understand the risk of adopting new IoT infrastructure. Major utilities
have vast experience assessing the operational risks associated with their industry and, as
such, have tools for estimating this risk and the means for managing it. It is now critical that
these utilities understand the impact and likelihood of risk from integrating the IoT into their
infrastructure.
The good news is that the existing risk-assessment methods are directly transferable; it is
simply that the scale and scope of the problem are more complex, and the threat and
vulnerability are more uncertain.
We can expect that both the impact and the likelihood factors of risk will increase, but it will
not be enough to simply assign a high-risk/high uncertainty value to an IoT device. It will be
necessary to understand the means and consequences of reducing the likelihood and impact
of potential harm.
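The Risk = Likelihood × Impact formula and the point that uncertainty becomes a range of risk, worked through as an added example that is not part of the original talk. It carries each likelihood as a (low, high) range, aggregates to a system-level view, and shows the effect of adding an IoT device and then reducing its impact; all item names, likelihoods, loss figures and the 0.25 isolation factor are constructed assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class RiskItem:
    name: str
    p_low: float    # lower bound on yearly likelihood of the unwanted event
    p_high: float   # upper bound; a wide gap models high uncertainty
    impact: float   # loss if the event occurs (cost units)

    def risk_range(self):
        """Risk = Likelihood * Impact at both ends of the likelihood range."""
        return (self.p_low * self.impact, self.p_high * self.impact)

def system_risk(items):
    """Aggregate individual risk ranges into one system-level (low, high)."""
    ranges = [i.risk_range() for i in items]
    return (sum(r[0] for r in ranges), sum(r[1] for r in ranges))

def spread(rng):
    """Width of a risk range: how much uncertainty it carries."""
    return rng[1] - rng[0]

def largest_uncertainty(items):
    """Name of the item that contributes the widest risk range."""
    return max(items, key=lambda i: spread(i.risk_range())).name

def mitigate(item, likelihood_factor=1.0, impact_factor=1.0):
    """Model a control that scales likelihood and/or impact downward."""
    return replace(item,
                   p_low=item.p_low * likelihood_factor,
                   p_high=item.p_high * likelihood_factor,
                   impact=item.impact * impact_factor)

# Constructed sample register (all names and figures are illustrative).
BASELINE = [
    RiskItem("transformer failure", 0.02, 0.03, 500_000),
    RiskItem("control system outage", 0.01, 0.02, 1_000_000),
]
# The IoT device's likelihood is poorly known, so its range is wide.
IOT_SENSOR = RiskItem("IoT sensor compromise", 0.01, 0.30, 800_000)
# Assumed isolation measure that limits the loss to a quarter of the original.
ISOLATED_SENSOR = mitigate(IOT_SENSOR, impact_factor=0.25)

if __name__ == "__main__":
    for label, items in [("baseline", BASELINE),
                         ("with IoT sensor", BASELINE + [IOT_SENSOR]),
                         ("IoT sensor isolated", BASELINE + [ISOLATED_SENSOR])]:
        low, high = system_risk(items)
        print(f"{label:20s} risk {low:>9,.0f} .. {high:>9,.0f}")
    print("widest range:", largest_uncertainty(BASELINE + [IOT_SENSOR]))
```

With these constructed figures the system-level range widens from 20,000..35,000 to 28,000..275,000 when the sensor is added, and the isolation measure narrows it to 22,000..95,000 even though the likelihood is no better known.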
Designing for IoT Resilience
Utilities need to design systems with appropriate redundancies, fail-safes, and isolation measures.
After incorporating IoT risk into assessment models, it follows that steps be taken to mitigate the
impact and likelihood of failures in a way that creates a resilient system.
The ultimate goal will be to design for autonomous operation (developing infrastructures that can
self-detect and defeat attacks or failures), but this is a long way off. In the meantime, utilities need
to design around the risk of any given IoT device failure.
Furthermore, future infrastructures will likely evolve beyond the stage of basic interdependencies
into a new “interwoven” set of vulnerabilities that combines the vulnerabilities affecting the IoT,
ICT, power systems, and a given utility.
The current system is a result of organic growth with IoT infrastructure more or less developing
organically and in silos, independent of the underlying infrastructure or system.
Establishing Software Security Levels
Ensuring sufficient processing and storage to use robust encryption to prevent data leaks and ensure confidentiality
Defining approaches to secure supply chain. Utilities will need to require their vendors to adopt such standards.
Importance Of IOT Security
Depending on the application, a breach in an industrial internet of things environment could result in
risks ranging from leaking of important information that is critical to the way your business works or a
device is manufactured, to compromise of the product you produce or damage to your industrial controls.
Take a physical product, like bolts, for example. If a hacker gained access to the network for your bolt
manufacturing plant and changed the machine settings that controlled the strength of that bolt, it could
easily cause bolts to fail and your products to fall apart under stresses they should normally be able to
withstand.
That could mean a person dies when your product fails. While the risks vary depending upon how you
use IoT devices in your organization, the threat is real no matter the level of concern. Protecting your
organization and the people who use your products should be paramount.
Risks associated with industrial IoT
The Industrial Internet of Things (IoT) has seen significant advancements since we first explored its
risks in this blog post. As technology continues to evolve, so do the risks associated with IoT devices.
Device hijacking
Data siphoning
Denial of service attacks
Data breaches
Device theft
Man-in-the-Middle or Device “spoofing”
Conclusion
The IoT represents a conundrum for utility providers and policymakers. While the IoT could help
reduce operational expenses and aid in faster detection and recovery from faults, it also represents a
new and highly uncertain security risk.
Even if some of the risk of adoption can be transferred to the manufacturers of these devices and
systems, the utility is the entity that will be held accountable when a failure arises. While recognizing
the value of the IoT, utilities should learn about how to maintain or enhance the resilience of their
future IoT-based infrastructure.
This requires that they determine who should build and manage this infrastructure as well as determine
what design, operations, and management structures should be put in place. Ensuring resilience
necessitates utilities developing a process for assessing the risk associated with the integration of this
type of technology into these utilities and the subsequent design accounting for this risk.