Title:Toward Cybersecurity Testing and Monitoring of IoT Ecosystems

Abstract:We describe a framework and tool specification that represents a step towards cybersecurity testing and monitoring of IoT ecosystems. We begin with challenges from a previous paper and discuss an integrated approach and tools to enable testing and monitoring to address these challenges. We also describe exemplary use cases of IoT ecosystems and propose approaches to address the challenges using the framework and tools. The current status of this work is that the specification and conceptualisation is complete, use cases are understood with clear challenges and implementation / extension of the tools and framework is underway with tools at different stages of development. Several key observations have been made throughout this work, as follows. 1) Tools may be used in multiple different combinations, and ad-hoc use is also encouraged, where one tool may provide clues and other tools executed to undertake further investigations based on initial results. 2) Automated execution of tool chains is supported by workflows. 3) support for immutable storage of audit records of tests and results is an important requirement. 4) Indicators (observations or measurements representing information of relevance for assessment of cyber security) are a key mechanism for intercommunication between one tool and another, or with the operator. 5) Mapping this work to established security development lifecycles is a useful means of determining applicability and utility of the tools and framework. 6) There is a key interplay between devices and systems. 7) Anomaly detection in multiple forms is a key means of runtime monitoring. 8) Considerable investigation is needed related to the specifics of each device / system as an item of further work.