The document discusses the growing issues surrounding security of internet of things (IoT) devices. It notes that cyber attacks cost businesses hundreds of billions annually and vulnerabilities often exist for over a year before being addressed. With the rapid growth of connected devices, addressing IoT security is increasingly important. The PETRAS research hub involves over 50 projects across 11 UK universities to better understand social and technical challenges around privacy, ethics, trust, reliability, and security of IoT systems. The goal is to make the UK a leader in trusted IoT expertise and help ensure security does not solely rely on consumer burden.

1. <ALISDAIR RITCHIE>
PETRAS – National IoT Research Hub
University of Warwick
Research:TheAnswerto the Problem of IoT Security

2. Research: The Answer to the Problem
of IoT Security.
Dr Alisdair Ritchie – PETRAS Impact Champion.
WMG, University of Warwick.

3. Setting the Scene
• Cyber attacks cost businesses as much as $400 billion a year
(Lloyds London)
• 99.9% of exploited vulnerabilities were compromised more
than a year after the vulnerability was published (Verizon
2017 Data Breach Investigations Report)
• Devices – 20.4 billion connected devices in use by 2020 up
from 8.4 billion in 2017 (Gartner)
• Internet of Things – In 2017, spend on IoT hardware was
$2.09 billion (Gartner)
3

4. The Internet of Things (IoT)
• Smart technologies make previously unintelligent things (like
home thermostats, white goods, or building management
systems) able to compute and communicate – typically
wirelessly
• Almost all the data that IoT devices send is to other
machines – there are no humans involved: ‘M2M’
communications
• Generic chipsets can be used to provide specific functionality
without consideration for the rest of the functions
• Security can cost more to research and implement than to
make the devices themselves

5. Applications of IoT – diverse and pervasive
• Households
– Smart thermostats
– White goods
– Televisions
• Building Management Systems (BMS) – sensors and controls
– Heating, ventilation & air conditioning
– Access controls
• Industrial and Utilities control systems
– Sensors and actuators (pumps, heaters, valves, etc.)
• Medical and Hospital equipment
– Patient monitors
– Patient information recording
• Transport
– Condition monitoring
– Asset location
• Retail

6. The Future Digital World
• Big Data - 90% of all the data in the world has been
created in the last two years (SINTEF ICT)
• The Robot “Birth Rate” is doubling every five years
(International Federation of Robotics)
• AI could add an additional £630bn to the UK Economy by
2035 (Government AI Report – Dame Wendy Hall)
• Regulations to govern these functions don’t exist yet and
research is required to generate this knowledge

7. What are the Issues that need to be
tackled?

8. Some examples of threats
• Contactless card skimming
• Hacking Building Management Systems
• Baby monitors
• Smart TVs
• USB devices
• Smart domestic goods
• Smart toys
• Cars, now and in the future
• Healthcare device
– From Fitbit to infusion pumps

9. Smart Toys
Increasingly, toys are equipped with internet
communications, cameras, geolocation, etc.
• Risk of digital stalking and peeping
(geolocation with picture data)
• Robots, dolls, drones
• Threat not yet fully emergent, but risk is
perceived
• PETRAS project at Lancaster called IoT4Kids
seeks to understand the security and privacy
implications for children using the IoT
See: http://www.cnet.com/news/hello-headaches-barbie-of-the-internet-age-has-even-
more-security-flaws/

10. The Value of Personal Data
Bagram US Air Base in Afghanistan as lit up by Strava
Source: BBC

11. Positive for the Future
• Productivity – Research could see machines double their
outputs every four years through rapid decision making and
environmental learning
• Retail and Logistics - Faster / more accurate order delivery on
demand
• Healthcare – Simple devices could provide solutions that
enable elderly people to stay in their homes – NHS Dementia
Test Bed

12. What is the UK doing about it?

13. PETRAS – key facts
Projects grouped by type into
‘Constellations’, sample one or
more of the Stream threads
• 11 world leading universities
• Combined hub value: £23m
• More than 50 projects
launched since 2016
• Blackett Review expertise
• 47 partners at submission,
60+ added since, combining
presence in the UK, Central
Europe and America
(giving International links
and perspective)
• Inter– and multi-disciplinary
focus split between social and
technical knowledge spheres

14. P
E
T
R
A
S
Privacy
Ethics
Trust
Reliability
Acceptability
Security
Social
Technical

15. Social and physical science challenges

16. 16
Aims
• Deliver real co-produced cross-sectoral, impactful, and
timely technical and socioeconomic benefit;
• Place the UK as world-leader in expertise and deployment
of trusted IoT technology;
• Create a cross-disciplinary environment across research
domains, industries, and government departments;
• Create a social platform for innovation and co-creation
with users and stakeholders;
• Provide an enduring legacy from the PETRAS Hub, beyond
the end of the funded period.
To:

17. Research into IoT Systems

18. PETRAS Demonstrators
• IoT in the Home (BRE)
• IoT in Critical National Infrastructure (Airbus /
Costain)
• Data Sharing in the IoT (Cisco)
• IoT in Smart Buildings (Newcastle and Cube Controls)
• Moving in the IoT (Meridian / Costain / JLR)
• Art Connect (Tate)
Around £1m invested, including match funding
‘Safe Deployment of Knowledge in use’

19. IoT in the Home
The context of the demonstrator project is
BRE’s Innovation Park, which includes
more than 8 domestic buildings, 3 of which
have integrated photovoltaic power
generation (PV) with battery storage and
network import/export management.
Deliverables:
• Real full-scale ‘Smart Home’
• Smart Home simulator
• Use case – Micro energy-
trading in a community
• Report on factors influencing
adoption & acceptability
• Guidelines for secure IoT
deployment
Impact:
• Design, procurement,
deployment and operation
• Government and Industry
policy advice

20. Art Connect - Tate
• Identify pieces, ensure
provenance
• Monitor location and
movement, temperature
and pressure
• Observe condition across
borders in a seamless,
secure, and cost-effective
way
Protecting the
irreplaceable!

21. What is the Challenge?
• Increase knowledge of the need for cybersecurity
to address the drive to the cheapest solution
• Provide common knowledge base that allow
government and industry to make informed
decisions
• To move some of the onus for research into
issues which affect us all into the public space
• To build communities that can work together on
the problems of the future

22. Artificial Intelligence
Today’s Issue or the Future’s?
“the people writing the algorithms for software that will control
many automated aspects of our daily lives in the future are
mainly young, white men.”
“Almost by definition, machine learning algorithms will pick up
on any bias in the data they are given to learn from”
Dame Professor Wendy Hall
University of Southampton and PETRAS
writing in “The Conversation”

23. “If the Burden for Ensuring Security Falls on Consumers
then we have Failed”
Professor Joe Butler, Former Chief Scientist to the Department for Digital, Culture,
Media and Sport

24. Thank you!
Dr Alisdair Ritchie (a.ritchie@warwick.ac.uk)
PETRAS Impact Champion - WMG, University of Warwick