Towards an Internet of Secure Things

Our digital society, including its digital industry, is becoming increasingly dependent on information and communication technologies and this is amplified by the introduction and uncontrolled proliferation of Internet-of-Things technologies that do not only make our lives easier, but also introduce massive new cyber security threats

The digitization of our society and our economy has led to a dependency on information and communication technologies and thus to serious risks related to our cyber security. Until recently risks were, in general, restricted to information security, network security and application security ensuring the confidentiality, the availability and the integrity of data, but with the Internet-of-Things (IoT) we are seamlessly connecting the cyber and the physical worlds extending the risk area to safety requiring a broader perspective on security.  

IoT is turning out to be one of the weakest spots in our infrastructure. With billions and in the near future potentially trillions of devices, the security risks are growing at great rates. Our economic and societal forces are creating a perfect storm, a pervasive infrastructure of trillions of IoT devices which on one hand will oversee our lives and economy, and on the other hand will be completely unmanageable from a security perspective. To compound the risk, IoT systems are often devised and engineered in places where we have no control on, and unless we want to basically surrender our digital sovereignty by only relying on foreign solutions for our national cyber security, we need to find a way to secure them regardless of provenance and built-in malicious intents. 

We are at a watershed moment in history and unless we take action immediately, we run the risk of being overcome by technology that will fundamentally and irreversibly undermine our cyber security and our safety. It is not just a matter of achieving an acceleration of technological innovations, it is actually a matter of achieving a transformative change in society.

Latest News

CIP-sponsered Webinar on IoT with Phil Zimmermann

CIP Webinar IoT - 2 December In this webinar managed by the Information Security and Privacy Protection Center (CIP), the...

INTERSCT21 – FUSION has been postponed

Regrettably and with a heavy heart, we have to inform the community that despite our best efforts to try and provide an...

New paper from RU at EAI SecureComm 2021

"The use of compression might actually be breaking the privacy that you think encryption is providing to you"Pol Van Aubel A new...

INTERSCT. Conference on Cyber Security of Internet-of-Things 2021

Towards a secure, safe, and resilient digital society On 24 November 2021, at the MediaPlaza (Jaarbeurs) in Utrecht, the...

Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale

This article summarizes our findings from “Out of Sight, Out of Mind: Detecting Orphaned Web Pages at Internet-Scale”, by Stijn...

INTERSECT will be presented at One Conference 2021

On 29 September, Professor Roland van Rijswijk-Deij and Dr. Luca Allodi will present INTERSECT the goals and the current status...

Professor Bart Jacobs awarded with the Stevin Prize by NWO

Bart Jacobs, Professor of Security, Privacy and Identity at Radboud University Nijmegen, and a member of the INTERSCT Project,...

An Overview of the INTERSCT Consortium

In the period between the end of June and the beginning of July the INTERSCT consortium held online meetings for all the...

Register for the 3rd Workshop on Attackers and Cyber-Crime Operations at EuroS&P

Together with Dr. Alice Hutchings (University of Cambridge) and Dr. Sergio Pastrana (University Carols III, Madrid), Dr. Luca...

INTERSCT unifies efforts for Governance of Privacy and Security in IoT

The INTERSCT consortium is officially merging two of its Work Packages, i.e., Governance (WP5) and Privacy (WP6), into a single...

To secure something we cannot manage, we need to re-think the security paradigm, delegating part of the security management to the system that needs to autonomously adapt to the changing environment, while remaining under our supervision, and re-think accordingly all our security technologies. We need to be able to design, developmanufacture and deploy IoT systems-of-systems in a fundamentally different way enabling the overall system to become robust, resilient and trustworthy, even in the presence of individual IoT devices that are insecure or even compromised in a ε-trust environment and providing the right ecosystem for their wide adoption within industry

We actually need to be able to design, develop, manufacture and deploy new types of IoT devices with security-by-design, security-by-default, robustness and resilience in mind; while continuously preserving all safety requirements, these devices must pro-actively manage their security, actively respond to attacks, recover from attacks, resume and restore themselves to a predefined level of operation following an attack etc., that is provide an appropriate product-level service continuity.

When building these properties into the devices themselves is not possible (e.g. because we have no control over their engineering), we must have capabilities (e.g. regulations, technologies) ready to find, isolate, and neutralize potential threats. We see it as our mission to produce a paradigm shift in the engineering of Secure IoT systems, by introducing autonomously adaptive security as a new evidence-driven paradigm for system design, development, and maintenance. We will develop a new system life cycle model and relevant enabling systems that allows us to effectively and efficiently design, develop and manufacture such devices (robust and resilient and trustworthy in a ε-trust environment). We will provide industry with the incentives and instruments to adopt these new methods and manufacture IoT systems accordingly, so that governments and citizens can adopt them, thereby enabling the birth and the growth of an Internet of Secure Things. This will eventually have a profound societal impact.

Nevertheless, at the same time, digitalization also involves some threats which need to be mitigated: the more digital manufacturing companies become, the more vulnerable they are in terms of cyber-security.

EFFRA, Made in Europe (July 2020)

It is imperative that leaders strategically manage information risks, work towards a culture of shared cyber-risk ownership across organizations and take a strategic approach to cyber resilience. Effective cyber resilience requires a combined and aligned multi-disciplinary effort to move beyond compliance to cohesive business and digital enablement.

World Economic Forum (July 2020)

..and the rise of the Internet of Things increases vulnerability to cyber attacks. All this and more means that cyber security has never been more important.

Dutch Parliament (May 2020)

…, the Internet of Things (IoT) is not in itself a new technological development … However, because of the great flight it is expected to take in the coming years, it forces us to rethink how to deal with its vulnerabilities.

Rathenau Institute (July 2020)

INTERSECT Public Private Partnership

The R&D and (technological) innovation program on Cyber Security of Internet-of-Things is supported by more than 40 partners from academia, industry, government and civil society. The respective partners are: