IEEE Systems, Man and Cybernetics Magazine - July 2019 - 38

Such systems are just beginning to emerge, and most of this functionality is incumbent on the device and software industry to address.

Utilities may not be in a position to solve this problem on their own, which leads us to ask what market, policy, and regulatory models should be in place to foster trust and encourage resilient deployment. While this article does not answer the question of what regulatory path to follow, it does underscore important issues for regulators to consider. The IoT fundamentally changes the risk equation for utilities, which means they need to take special precautions as they incorporate the IoT in their operations.


About the Author

Douglas C. Sicker (sicker@cmu.edu) is the Lord Endowed Chair in Engineering and the department head and professor of engineering and public policy with a joint appointment at the School of Computer Science, Carnegie Mellon University (CMU), Pittsburgh, Pennsylvania. He is also the director of CMU's CyLab Institute for Security and Privacy. Previously, he was an endowed professor with the Department of Computer Science, University of Colorado, Boulder. He recently served as the chief technology officer with the National Telecommunications and Information Administration and the Federal Communications Commission, Washington, D.C. Previously, he served as director of Global Architecture with Level 3 Communications. He has also served on numerous program committees, federal advisory committees, and other advisory boards. His research interests include wireless systems, network security, and engineering policy. He is a Senior Member of the IEEE.


