Resilient IoT on the Edge (RIoTE)

L I M

Current and emerging technologies are transforming the systems we rely on every day. Smart sensors help us to use our water, power, transport links, cities and agricultural land better. We are already adapting the design of these systems to incorporate the latest sensors, more intelligent analysis tools and new ways of connecting them to the pumps, valves, switches and other things that enable computers to control our essential physical infrastructure. These more sophisticated control systems significantly improve productivity, make better use of scarce resources, reduce pollution and increase our prosperity. But are they making our critical infrastructure more vulnerable to attack or to unforeseen failures?

RIoTE starts from a simple assumption: that we have already tried many ways of designing and implementing these systems and learnt valuable lessons about what works and what does not. The project aims to collect these good design patterns – good ways of building systems that are resilient to attacks and other hazards – and it will also collect the designs that experience shows are to be avoided (so-called anti-patterns). It will then explore how best to make them available to everyone so that anyone can quickly find good designs, and avoid bad designs, when they are faced with building new infrastructure or maintaining and improving existing systems.

RIoTE will take advantage of existing National Cyber Security Centre (NCSC) secure design patterns and build on related Warwick research in resilient architectures for cyber security. By studying systems in the wild and through the use of lab experiments and simulations, the project will also consider socio-technical patterns such as organisational structures and designs that avoid cognitive overload. An important aspect of the research will be consideration of attack patterns, including cascade and blended attacks, and how to mitigate them through general resilience, which builds in resilient characteristics without having to list vulnerabilities or threats.