Visible to the public RIoTS: Risk Analysis of IoT Supply Chain Threats

TitleRIoTS: Risk Analysis of IoT Supply Chain Threats
Publication TypeConference Paper
Year of Publication2020
AuthorsKieras, Timothy, Farooq, Muhammad Junaid, Zhu, Quanyan
Conference Name2020 IEEE 6th World Forum on Internet of Things (WF-IoT)
Keywordsattack tree, Birnbaum importance, Ecosystems, Improvement potential, information and communication technology, Internet of Things, Metrics, pubcrawl, reliability, risk management, security, supply chain, supply chain risk assessment, Supply chains
AbstractSecuring the supply chain of information and communications technology (ICT) has recently emerged as a critical concern for national security and integrity. With the proliferation of Internet of Things (IoT) devices and their increasing role in controlling real world infrastructure, there is a need to analyze risks in networked systems beyond established security analyses. Existing methods in literature typically leverage attack and fault trees to analyze malicious activity and its impact. In this paper, we develop RIoTS, a security risk assessment framework borrowing from system reliability theory to incorporate the supply chain. We also analyze the impact of grouping within suppliers that may pose hidden risks to the systems from malicious supply chain actors. The results show that the proposed analysis is able to reveal hidden threats posed to the IoT ecosystem from potential supplier collusion.
DOI10.1109/WF-IoT48130.2020.9221323
Citation Keykieras_riots_2020