IEEE Systems, Man and Cybernetics Magazine - July 2019 - 36

larger utilities make use of probability risk assessment
(PRA), or similar tools, to estimate risk in their complex
networks, and through such tools it is also possible to
incorporate and model uncertainty.
Recommendations
These recommendations should not be viewed as a condemnation of the IoT but rather a proactive approach to
understand and address the risk.
Understanding IoT Risk
Utilities need to better understand the risk of adopting
new IoT infrastructure. Major utilities have vast experience assessing the operational risks associated with their
industry and, as such, have tools for estimating this risk
and the means for managing it. It is now critical that these
utilities understand the impact and likelihood of risk from
integrating the IoT into their infrastructure. The good
news is that the existing risk-assessment methods are
directly transferable; it is simply that the scale and scope
of the problem are more complex, and the threat and vulnerability are more uncertain. We can expect that both the
impact and the likelihood factors of risk will increase, but
it will not be enough to simply assign a high-risk/high-uncertainty value to an IoT device. It will be necessary to
understand the means and consequences of reducing the
likelihood and impact of potential harm. Also, some IoT
manufacturers will produce devices that are much less
vulnerable. One would hope that the market (or regulation)
might stimulate a drive toward an installed base of more-reliable IoT systems. However, to set standards to guide
manufacturers in developing IoT devices, utilities should
assess the impact and likelihood of risk for deployment of
each type of device into their particular system.
New models of risk will need to be explored where the
impact factor in calculating risk is mitigated through better designs and new security mechanisms. Smart infrastructures are nothing new, but large-scale IoT
deployments change everything, and the IoT will become
an indispensable part of future utilities. This connectedness will form the basis of a highly reactive system with
great benefits, yet also create far more complex interdependencies that will be more difficult to model (e.g., the
"unknown unknowns"). It would be imprudent to place IoT
systems into critical parts of a utility until the risk of those
IoT systems can be appropriately understood and mitigated. As stated above, it is not enough to simply assign high
values to the impact and likelihood of risks. Ranges of likelihood and levels of impact for specific IoT devices must
be incorporated into assessment models before considering deployment into critical parts of utilities. The uncertainty around risk must also be incorporated. As described
previously, uncertainty comes from many areas, including
future software and hardware vulnerabilities, design and
operational choices, dependencies like power and communications failures, and simple unknown events.
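
As an added illustration (not part of the original article), the sketch below propagates likelihood ranges, impact levels, and a shared communications dependency through a simple Monte Carlo model, so that each device type gets a loss distribution rather than a single "high" label. The device names, ranges, outage probability, and customer-hours unit are all constructed assumptions.

```python
import random
import statistics

# Constructed device profiles (illustrative assumptions, not from the article):
# likelihood = (low, high) annual probability of a failure or compromise,
# impact = (low, mode, high) customer-hours lost per event,
# needs_comms = whether a communications outage also takes the device down.
DEVICES = {
    "smart_meter": {"likelihood": (0.05, 0.30), "impact": (10, 50, 200),
                    "needs_comms": True},
    "valve_actuator": {"likelihood": (0.01, 0.40), "impact": (100, 2000, 20000),
                       "needs_comms": True},
}
COMMS_OUTAGE_P = 0.02  # assumed annual probability of the shared dependency failing


def simulate(devices, trials=20000, seed=1):
    """Return {device: list of simulated annual losses}, one entry per trial."""
    rng = random.Random(seed)
    losses = {name: [] for name in devices}
    for _ in range(trials):
        comms_down = rng.random() < COMMS_OUTAGE_P  # one draw shared by all devices
        for name, d in devices.items():
            # Uncertainty in the likelihood itself: only a range is known.
            p = rng.uniform(*d["likelihood"])
            failed = rng.random() < p or (comms_down and d["needs_comms"])
            lo, mode, hi = d["impact"]
            losses[name].append(rng.triangular(lo, hi, mode) if failed else 0.0)
    return losses


def summarize(samples):
    """Mean and 95th-percentile annual loss for one device."""
    ordered = sorted(samples)
    return {"mean": statistics.fmean(ordered),
            "p95": ordered[int(0.95 * len(ordered)) - 1]}


def joint_failure_rate(losses):
    """Fraction of trials in which every device failed in the same year."""
    rows = list(zip(*losses.values()))
    return sum(all(x > 0 for x in row) for row in rows) / len(rows)


if __name__ == "__main__":
    results = simulate(DEVICES)
    for name, samples in results.items():
        print(name, summarize(samples))
    print("joint failure rate:", joint_failure_rate(results))
```

Because the communications outage is drawn once per trial and applied to every dependent device, the joint failure rate comes out higher than the product of the individual failure rates, which is the kind of interdependency a per-device score cannot express.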

Designing for IoT Resilience
Utilities need to design systems with appropriate redundancies, fail-safes, and isolation measures. After incorporating IoT risk into assessment models, it follows that
steps be taken to mitigate the impact and likelihood of failures in a way that creates a resilient system. The ultimate
goal will be to design for autonomous operation (developing infrastructures that can self-detect and defeat attacks
or failures), but this is a long way off. In the meantime, utilities need to design around the risk of any given IoT device
failure. Furthermore, future infrastructures will likely
evolve beyond the stage of basic interdependencies into a
new "interwoven" set of vulnerabilities that combines the
vulnerabilities affecting the IoT, ICT, power systems, and a
given utility. The current system is a result of organic
growth with IoT infrastructure more or less developing
organically and in silos, independent of the underlying
infrastructure or system. This raises the question of how
designers of these architectures should incorporate these
devices into current infrastructures. An architectural
design that assumes the IoT as a collection of black boxes
is dangerous. This approach ignores the nature of the vulnerability, the ways of mitigating it, and the associated
quantifiable risk. Utilities should adopt (or possibly participate in the creation of) standards that developers must
meet in order to be considered a trusted vendor. Such standards might be useful for
1) establishing software security levels
2) guiding software requirements (e.g., not including
known vulnerable code)
3) including the ability to update or disable IoT systems
4) establishing acceptable risk profile per device
5) ensuring sufficient processing and storage to use
robust encryption to prevent data leaks and ensure
confidentiality
6) defining approaches to secure supply chain.
Utilities will need to require their vendors to adopt such
standards.
Questions remain as to whether we can control the infrastructure issues ex ante, and if not, what ex post models
should be put into place. Ex ante is dependent on well-designed and well-deployed IoT, while ex post depends on
responsive tools and system architectures. The architectural
and operational changes that must be considered include
the following: 1) distribution of function; 2) consideration
of new failure modes and the need to properly model component, system, and system-of-systems redundancies, fail-safes, and cooperation; and 3) consideration of data use,
security, privacy, retention, and sharing.
Information Sharing
Utilities must develop methods for timely information sharing among all utilities (not just within a sector) and
work across the infrastructure ecosystem to understand the impact of these networked elements. There is
already information sharing within sectors, but better


