Towards an Internet of Secure Things

Our digital society, including its digital industry, is becoming increasingly dependent on information and communication technologies and this is amplified by the introduction and uncontrolled proliferation of Internet-of-Things technologies that do not only make our lives easier, but also introduce massive new cyber security threats

The digitalization of our society and our economy has led to a dependency on information and communication technologies and thus to serious risks related to our cyber security. Until recently risks were, in general, restricted to information security, network security and application security ensuring the confidentiality, the availability and the integrity of data, but with the Internet-of-Things (IoT) we are seamlessly connecting the cyber and the physical worlds extending the risk area to safety requiring a broader perspective on security.  

IoT is turning out to be one of the weakest spots in our infrastructure. With billions and in the near future potentially trillions of devices, the security risks are growing at great rates. Our economic and societal forces are creating a perfect storm, a pervasive infrastructure of trillions of IoT devices which on one hand will oversee our lives and economy, and on the other hand will be completely unmanageable from a security perspective. To compound the risk, IoT systems are often devised and engineered in places where we have no control on, and unless we want to basically surrender our digital sovereignty by only relying on foreign solutions for our national cyber security, we need to find a way to secure them regardless of provenance and built-in malicious intents. 

We are at a watershed moment in history and unless we take action immediately, we run the risk of being overcome by technology that will fundamentally and irreversibly undermine our cyber security and our safety. It is not just a matter of achieving an acceleration of technological innovations, it is actually a matter of achieving a transformative change in society.

Latest News

Looking Back on the Second AFFECT Workshop

The second AFFECT (Automated Finding, Fixing, or Exploiting of Security Vulnerabilities) workshop, in collaboration with ACCSS,...

Looking Back on the Second Collaborative PhD Workgroup of ACCSS and INTERSCT

On the 30th of April, the second PhD workgroup in collaboration with ACCSS and INTERSCT took place in Leiden. During the...

Bart Groothuis and Ben Kokx among the Keynote Speakers at INTERSCT.24 Conference

The INTERSCT.24 Conference is approaching fast. In slightly more than 2 weeks, on May 28th, the Eindhoven University of...

SAVE THE DATE! INTERSCT Conference on May 28th at TU/Eindhoven

The INTERSECT consortium is happy to announce that the 2024 edition of INTERSCT.Conference will be held at TU...

Thoughts on INTERSECT from iTrust Centre, Singapore

During the 4th edition of the INTERSCT. Round Table on cyber security of Internet-of-Things, the INTERSECT...

New publication by TNO on Cybercrime Prevention

A recent collaborative work between TNO-CST and TNO-ESI stresses the importance of considering security and safety throughout an...

A Successful First Edition of FUSE5G

Friday 19th of January 2024, with the sponsoring of INTERSECT, TNO and Radboud University successfully held the 1st edition...

The first Forum to Unite Security Experts in 5G (FUSE5G)!

TNO and Radboud University Nijmegen proudly invite you to the first community event of the Forum to Unite Security Experts in 5G...

INTERSCT Papers at Cyber Hunt 2023

The following papers by researchers of TU Eindhoven (TU/e) in INTERSECT will be part of the 6th Annual Workshop on Cyber Threat...

Policy Brief by TILT Researchers on the EU Cyber Solidarity Act

The EU Commission, in April 2023, proposed the Cyber Solidarity Act; an Act aimed at improving Europe’s capacity to detect,...

To secure something we cannot manage, we need to re-think the security paradigm, delegating part of the security management to the system that needs to autonomously adapt to the changing environment, while remaining under our supervision, and re-think accordingly all our security technologies. We need to be able to design, develop, manufacture and deploy IoT systems-of-systems in a fundamentally different way enabling the overall system to become robust, resilient and trustworthy, even in the presence of individual IoT devices that are insecure or even compromised in a ε-trust environment and providing the right ecosystem for their wide adoption within industry. 

We actually need to be able to design, develop, manufacture and deploy new types of IoT devices with security-by-design, security-by-default, robustness and resilience in mind; while continuously preserving all safety requirements, these devices must pro-actively manage their security, actively respond to attacks, recover from attacks, resume and restore themselves to a predefined level of operation following an attack etc., that is provide an appropriate product-level service continuity.

When building these properties into the devices themselves is not possible (e.g. because we have no control over their engineering), we must have capabilities (e.g. regulations, technologies) ready to find, isolate, and neutralize potential threats. We see it as our mission to produce a paradigm shift in the engineering of Secure IoT systems, by introducing autonomously adaptive security as a new evidence-driven paradigm for system design, development, and maintenance. We will develop a new system life cycle model and relevant enabling systems that allows us to effectively and efficiently design, develop and manufacture such devices (robust and resilient and trustworthy in a ε-trust environment). We will provide industry with the incentives and instruments to adopt these new methods and manufacture IoT systems accordingly, so that governments and citizens can adopt them, thereby enabling the birth and the growth of an Internet of Secure Things. This will eventually have a profound societal impact.

Nevertheless, at the same time, digitalization also involves some threats which need to be mitigated: the more digital manufacturing companies become, the more vulnerable they are in terms of cyber-security.

EFFRA, Made in Europe (July 2020)

It is imperative that leaders strategically manage information risks, work towards a culture of shared cyber-risk ownership across organizations and take a strategic approach to cyber resilience. Effective cyber resilience requires a combined and aligned multi-disciplinary effort to move beyond compliance to cohesive business and digital enablement.

World Economic Forum (July 2020)

..and the rise of the Internet of Things increases vulnerability to cyber attacks. All this and more means that cyber security has never been more important.

Dutch Parliament (May 2020)

…, the Internet of Things (IoT) is not in itself a new technological development … However, because of the great flight it is expected to take in the coming years, it forces us to rethink how to deal with its vulnerabilities.

Rathenau Institute (July 2020)