WICSPIT 2018 - 2018 Workshop on Innovative CyberSecurity and Privacy for Internet of Things

Cyber-attackers are steadily getting more creative and ambitious in their exploits and causing real-world damage (e.g., the German steel mill attack in 2014, the Ukrainian Power Grid attack in 2015, the Mirai Botnet DDoS attacks of 2016 and onward, increasing ransomware attacks, etc.). Proprietary and personally identifiable information are vulnerable to leakage as well (e.g., the Sony hack in 2014, the US Office of Personnel Management in 2014). The Internet of Things (IoT), a platform which allows everything to process information, communicate data, and analyze context opens up new vulnerabilities for both security and privacy. Smart buildings and smart cities, for example, will collect and process data for millions of individuals. Industrial systems, which were never intended to be linked via common protocols, are recognized as suddenly being open to security threats that can limit service availability and possibly cause considerable damage. Autonomous systems allowed to operate with minimal oversight are ripe targets for cyber-attacks. Data stored and processed in confidence in the cloud may be subject to exfiltration, leading to public embarrassment or the exposure of proprietary information. Ransomware has emerged in the public consciousness after multiple high-profile attacks, and many experts forecast that it will become a major threat to IoT and critical infrastructure in the very near future.
As cyber-events increase in number and severity, security engineers must incorporate innovative cybersecurity strategies and technologies to safeguard their systems and confidential information. A strategy to address a cybersecurity vulnerability, once identified, must understand the nature of the vulnerability and how to mitigate it. The “security tax” or “privacy tax” (system and service degradation) caused by the implementation of the mitigating security technologies may be so great that the end user bypasses the technologies and processes meant to ensure the system’s security and privacy. A practical reality of the adoption of IoT is that it will require integration of new technologies with existing systems and infrastructure, which will continue to expose new security and privacy vulnerabilities; re-engineering may be required. The human element of IoT, the user, must be considered, and how the user and the IoT system interact to optimize system security and user privacy must be defined. Cyber-attackers and cyber-victims are often in different countries, the transnational nature of many cyber-events necessitate the consideration of public policy and legal concerns as well.
This workshop aims to showcase new and emerging strategies and technologies for forecasting, mitigating, countering, and attributing cyber-events that threaten security and privacy within the realm of IoT. Additionally, we invite arguments for innovative and off-the-wall solutions that have sound academic backing. The institutional benefits of IoT adoption are clear, however security and privacy concerns are constantly coming to light. As organizations—both public and private, large and small—adopt new IoT technologies, we hope that this forum can serve as an opening conversation between government, industry, and academia for the purpose of addressing those concerns.
Topics of Interest
Topics of interest include (but are not limited to):
Cybersecurity and Privacy approaches
Honeypots, Honeynets and Honeypatches
Deception-based approaches
Encrypted Computing and Secure Computation
Active and Passive Cybersecurity
Firmware vetting
Privacy-Enhancing Technologies
Intelligence and Counter-Intelligence
Security and Privacy Engineering
Cyber-security Settings
Cybersecurity and Privacy in Cyber-Physical Systems
Industrial Internet
The Intersection of IoT, Social Media and other Pervasive Computing Platforms, and Enterprise Security
Smart Cities
Cyber-Physical Power Systems
Data analytics for cybersecurity
Predictive Cybersecurity
Event Analysis
Event Attribution and Cyber-Forensics
Cybersecurity metrics
Security and Privacy Metrics and Analysis
Metrics of defense effectiveness
Quantifying the ‘security/privacy tax’
Human/Societal issues
Legal and Policy Topics related to Cybersecurity and Privacy
Human Factors in Cybersecurity and Privacy
Inter-Organizational Cyber-Threat Information Sharing
Other topics
Integration of New Technology into Existing Systems
Situational Awareness
System Situational Awareness
Emerging Threats
Malware Analysis
Event Recovery
Security as a Service (SaaS)
Privacy as a Service (PaaS)