Security and privacy of things: Regulatory challenges and gaps for the secure integration of cyber-physical systems

Abstract

The rise of interconnected “intelligent” objects that move their capabilities from sensing and data processing to decision making will be a disruptive phenomenon that further widens the gaps between legal, regulatory and technological approaches. This research sets out to establish a guided road map through the maze of regulation by incorporating the fragmented governance efforts into a single focus where security and privacy gaps unique to machine-to-machine communication (M2M) are identified against key performance metrics. We use privacy, ethics, trust, legality, data sharing, operational integration and device and communication protocols as our key performance metrics to highlight areas of significant overlap and gaps in a comprehensive list of standards to assist policymakers and researchers in the field. Results also indicate that policy concerns and diffused responses from existing standards raise unacceptable risks for the cyber and physical spheres in the IoT preventing their integration with existing hierarchical security architectures and reducing the opportunities for mass-market economies of scale.