Biblio

As the Internet of Things (IoT) era raise, billions of additional connected devices in new locations and applications will create new challenges. Security and privacy are among the major challenges in IoT as any breaches and misuse in those aspects will have the adverse impact on users. Among many factors that determine the security of any system, human factor is the most important aspect to be considered; as it is renowned that human is the weakest link in the information security cycle. Experts express the need to increase cyber resilience culture and a focus on the human factors involved in cybersecurity to counter cyber risks. The aim of this study is to propose a conceptual model to improve cyber resilience in IoT users that is adapted from a model in public health sector. Cyber resilience is improved through promoting security behavior by gathering the existing knowledge and gain understanding about every contributing aspects. The proposed approach is expected to be used as foundation for government, especially in Indonesia, to derive strategies in improving cyber resilience of IoT users.

Conventional cyber defenses require continual maintenance: virus, firmware, and software updates; costly functional impact tests; and dedicated staff within a security operations center. The conventional defenses require access to external sources for the latest updates. The whitelisted system, however, is ideally a system that can sustain itself freed from external inputs. Cyber-Physical Systems (CPS), have the following unique traits: digital commands are physically observable and verifiable; possible combinations of commands are limited and finite. These CPS traits, combined with a trust anchor to secure an unclonable digital identity (i.e., digitally unclonable function [DUF] - Patent Application \#15/183,454; CodeLock), offers an excellent opportunity to explore defenses built on whitelisting approach called “Trustworthy Design Architecture (TDA).” There exist significant research challenges in defining what are the physically verifiable whitelists as well as the criteria for cyber-physical traits that can be used as the unclonable identity. One goal of the project is to identify a set of physical and/or digital characteristics that can uniquely identify an endpoint. The measurements must have the properties of being reliable, reproducible, and trustworthy. Given that adversaries naturally evolve with any defense, the adversary will have the goal of disrupting or spoofing this process. To protect against such disruptions, we provide a unique system engineering technique, when applied to CPSs (e.g., nuclear processing facilities, critical infrastructures), that will sustain a secure operational state without ever needing external information or active inputs from cybersecurity subject-matter experts (i.e., virus updates, IDS scans, patch management, vulnerability updates). We do this by eliminating system dependencies on external sources for protection. Instead, all internal co- munication is actively sealed and protected with integrity, authenticity and assurance checks that only cyber identities bound to the physical component can deliver. As CPSs continue to advance (i.e., IoTs, drones, ICSs), resilient-maintenance free solutions are needed to neutralize/reduce cyber risks. TDA is a conceptual system engineering framework specifically designed to address cyber-physical systems that can potentially be maintained and operated without the persistent need or demand for vulnerability or security patch updates.