| Summary: | Internet of Things (IoT)-enabled devices are becoming integrated into a significant and increasing proportion of critical
infrastructures, changing the cybersecurity-risk landscape. Risk is being introduced to industry sectors such as transport,
energy and manufacturing, with new attack surfaces exposed and potential for increased harm. Furthermore, risk and harm
arising in the Industrial IoT (IIoT) could propagate across interconnected organisations and sectors, resulting in systemic risk.
Aspects of this changing risk landscape are not addressed by current cybersecurity approaches, leaving cybersecuritycapability gaps. In this paper, we show how current and emerging cybersecurity needs in the IIoT align with a key industry
cybersecurity standard, the NIST Cyber Security Framework. The key capability gaps emerging in the IIoT are identified
based on our findings from a series of workshops with over 100 expert participants. We present a comprehensive research
agenda to enable researchers to prioritise research focus to address these gaps; this research agenda covers the full lifecycle
of IIoT development (design, implementation, use and decommission). Further, we conclude that there is a significant gap in
understanding of the nature of systemic risk, which should be a key priority if we are to develop effective solutions for
cybersecurity and safety in IIoT environments.
|
|---|