MAOSCO Limited, 1st Floor, GPS House, 215 Great Portland Street, W1W 5PN London, United Kingdom Registered in England & Wales no.3290642

MULTOS is a trademark of MULTOS Limited.

Leveraging the Open MULTOS

Standards for Smart Meters Securing & Enhancing Smart Solutions

Abstract

This paper discusses some of the fundamental security risks facing Smart

Utility Meters and reviews how these can be addressed with the widely

implemented Open MULTOS Standard. Additional benefits of enhanced

flexibility and potential cost efficiencies are highlighted, allowing meter

manufacturers, energy management solution providers, and utility

companies to review if MULTOS technology is suitable as part of an overall

system and business enabling approach.

MAOSCO Ltd.

Page 1 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

© 2017 MAOSCO Limited – All Rights Reserved

All rights reserved. You may download, store, display on your computer, view, print, and link to the

MAOSCO Limited “Leveraging the Open MULTOS Standards for Smart Meters” at www.multos.com

subject to the following: (a) the Report may be used solely for your personal, informational, non-

commercial use; (b) the Report may not be modified or altered in any way; (c) the Report may not be

redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote

portions of the Report as permitted by the Fair Use provisions of the UK Copyright, Designs and

Patents Act 1988, provided that you attribute the portions to MAOSCO Limited “Leveraging the Open

MULTOS Standards for Smart Meters”.

Page 2 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Contents

The Connected Infrastructure Promise and Problem ............................................................................. 3

How can MULTOS be leveraged for Smart Meters? ............................................................................... 5

MULTOS Overview .................................................................................................................................. 6

The MULTOS Technology ................................................................................................................ 6

The MULTOS Consortium ................................................................................................................ 7

1) Device Software .................................................................................................................................. 8

2) Endpoint Device Identity and Authentication .................................................................................... 9

3) Data Safeguards ................................................................................................................................ 10

4) Provisioning ...................................................................................................................................... 11

5) Lifecycle Management ...................................................................................................................... 12

6) Flexible Remote Interactions ............................................................................................................ 13

7) Cost Efficiencies ................................................................................................................................ 15

8) Low Power Consumption .................................................................................................................. 17

Conclusions ........................................................................................................................................... 18

Bibliography .......................................................................................................................................... 19

Page 3 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

The Connected Infrastructure Promise and Problem

Over the past few years’ significant hype has been reported about the future for consumers and

businesses as an increasing number of devices and services are expected to become interconnected.

The potential benefits permeate business, consumerism, technology, and society. Common phrases

for this evolving paradigm include; the second digital revolution, the fourth industrial revolution, and

the Internet of Things (IoT). The Gartner technology hype cycle (Gartner, 2016a) predicts that IoT

emerging technology will mature and reach mainstream adoption in perhaps 5 years. Hence today is

a perfect time for solution providers and manufacturers to review facilitating technologies.

Smart Meters are considered part of the wider

IoT eco-system and promise to offer a range of

benefits to businesses and consumers. For the

consumers Smart Meters can allow a greater

level of utility consumption monitoring and

control, thus potentially improving utility

management and reducing wasteful

consumption. For utility businesses the meters

can improve efficiencies associated to billing

and overall utility management. Aside from

the commercial and consumer gains Smart

Meters are seen as an eco-friendly upgrade.

Millions of Smart Meters have already been installed as part of major national roll outs and initial

pilots. The very nature of using Smart Meters that are connecting to central systems and using

electronic communication protocols to transfer data can increase the risk of cyber-attack. As a smart

meter may control the energy supply to a home, a cyber attack may cause power cuts to large

populations for extended periods of time, particularly if the meter's communications have been

disabled as part of the attack. Security architectures deployed can vary from one implementation to

another, some more secure than others, and the complexity and flexibility provided may also differ.

For connected devices in general, various reports have highlighted the need for a much stronger focus

on security. Research firms have made stark claims relating to the security risks.

Page 4 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

The security level required by connected device solutions will vary depending on the functions they

are performing, the criticality of the data they are managing, and desire to avoid business impacts.

Some businesses may feel the risks are acceptable to minimize costs or to reduce time to market.

Countless generic cyber security hack reports

have been published, particularly relating to

data base system components where thieves

obtained batches of personal or financial data

for fraudulent use. Particularly concerning for

IoT systems are the reports of endpoint and

control systems attacks, which as highlighted by

the cases below can lead to business

reputational and financial impacts and actual

physical damage.

In 2010 the Stuxnet computer worm was identified revealed a sophisticated cyber-attack targeting a

uranium enrichment facility in Iran. Its delivery channel was a USB memory device and it targeted

embedded firmware running on sensors and control systems (Langner. R, 2011).

In 2013 a major breach occurred at a US retailer, as 70 million stored customer card details were

compromised, resulting in a high cost for the firm, its customers, its employees, and impacted banks.

High-ranking employees lost their jobs including the CEO and CIO. The attack consisted of an email

containing malware which was sent to a connected partner firm and likely contained a password-

stealing bot program which later stole credentials to an online vendor portal (Radichel. T, 2014).

In 2015 a power blackout caused by an external cyber-attack impacted 225,000 people in Ukraine.

Thought to be the first successful attack on public utilities, malware was used to shutdown critical

infrastructure (Wired, 2016c).

Attack vectors may include; software, hardware, data and communication, identification, controlling

systems, remote updates, and provisioning. As connected device numbers increase, so the potential

risks are expected to increase. The IoT economy has been forecast at $8 trillion over the next ten years

(cbronline, 2015), a strong indicator that hacking will be increasingly attractive to fraudsters. By

reviewing appropriate security measures at the outset of the design, businesses can prepare for the

risks of today and the inevitable risks of tomorrow whilst capitalising on the potentially lucrative

connected technology opportunities.

Page 5 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

How can MULTOS be leveraged for Smart Meters?

Connected Smart Meters by their very nature introduce risk by potentially allowing remote intrusion

to their own device or access to other connected devices and supporting systems. The Smart Meters

often referred to as endpoints on the smart meter network may vary in function but regardless most

require a number of sensitive processes to be protected including:

Some Smart Meters may also require or benefit from:

Through the implementation of Public Key Infrastructure (PKI), MULTOS standard technology can

provide Smart Meters with appropriate “Hardware Root of Trust” and cost effective mechanisms to

address all such requirements. A trusted computing architecture based on PKI is widely accepted in

the IT Industry as a versatile approach to combine flexibility and security.

MULTOS utilises PKI at its core to secure endpoint connected devices.

Manufacturers and solution providers can leverage MULTOS Trust

Anchors, comprising embedded integrated circuits with the loaded

MULTOS Operating System, which provides an ultra-secure execution

environment, protecting the meter from malware and other digital

attacks. Critical data transmission can also be secured to and from the

meter. MULTOS Trust Anchors are supported by cryptographic services

via central or in-house MULTOS Certificate Authority platforms,

facilitating full end-to-end protection.

Page 6 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

MULTOS Overview

The MULTOS Technology

MULTOS technology was designed to address the need for a secure, efficient, and common standard

to provision smart cards such as those used in payment “Chip and PIN” microprocessor cards, and

government issued citizen identity cards. The MULTOS platform ensures these cards are operated

during their lifespan with a high degree of robust protection against fraudsters. The secure and flexible

MULTOS features, along with its high security reputation have allowed the technology to also become

widely used in numerous security applications, such as Identity, Access Control, Government Programs

in addition to secure EMV and contactless payment devices. Implemented worldwide in mass volume,

the MULTOS design has met and surpassed its initial brief.

Figure 1. Robust MULTOS Technology Adopted Worldwide

As in Figure 1 MULTOS smart cards were the first to achieve the EAL7 Common Criteria security

certification which is an Information Technology Security Evaluation measurement of smart cards and

other secure devices. Enabling this achievement are the security features and processes built into the

specifications that essentially provide the two core benefits of:

Page 7 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

The MULTOS Consortium

There are multiple stakeholders in the open MULTOS technology today. Thousands of card issuers

such as banks and governments utilise the technology to issue in mass volumes to end users. Some

businesses have extended their interest in the technology by becoming a member of the MULTOS

Consortium which allows them to leverage the technology benefits for their own commercial gains.

Figure 2. The MULTOS Consortium Members – January 2017

The consortium as presented in Figure 2 is a diverse mix of respected global businesses and IT security

businesses providing MULTOS related deliverables such as; secure chip supply, operating system

supply, application supply and development, data processing for issuance services and post issuance

interactions, personalization solutions and component provision, secure key management services

and solutions, application and transaction processing, consultancy and training, and business

development.

Today the ever expanding smart card industry and new smart device applications such as the IoT are

attracting new members to the consortium and driving future MULTOS evolution.

Page 8 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

1) Device Software

One significant area of risk for Smart Meters is the firmware and software operating systems and

applications. Once embedded code and applications become corrupted or infected with malware, all

manner of issues can arise.

Infected meters may cease to function as designed causing consumer frustration and system

management problems. Knock on effects such as incorrect data captured from the meter may infect

or invalidate data stored centrally. As most meters will require some form of sensitive data to be

stored at the endpoint such as authentication keys, fraudsters have a clear target for their malicious

endeavors. Likewise, attackers may target the downloading of software stored on the meter, and

threaten the manufacturer’s intellectual property.

The very nature of connected devices lends itself to cost effective remote software updates to patch

weaknesses or address incorrect functioning, but that operation assumes the device will still interact

with remote controlling systems as expected once the device becomes infected with malware, which

of course may not be the case and may lead to unexpected replacement costs and engineer visits.

Fraudsters and hackers are likely to target these areas of risk.

So what countermeasures can be employed to address under-protected software?

All such issues may be prevented by using a hardened processor or co-processor with associated

secure functions such as power scrambling, internal data encryption, and advanced error detection.

This approach of designing a device with core hardware and software countermeasures and utilizing

specific cryptographic functions to protect operations has been the bedrock for the micro-processor

industry for over 20 years, and is considered critical to thwart cyber-attacks and prevent loss of

confidence in the technology.

In the late 1990’s an attack was published based on Differential Power Analysis which later went on

to drive significant interest, concern, and evolution in the smart card industry. The attack threatened

to expose secret key information from smart cards and albeit quite difficult to perform did drive

manufacturers to add hardware and software countermeasures to new products, essentially to

preserve the reputation of the industry and the associated businesses. A clear example that could be

followed in the evolving smart utilities markets.

Page 9 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

A hardened processor with the appropriate functions could be implemented; to provide a bootstrap

secure start-up process for the meter core operating system, to ensure only verified software

applications are run within the meter, and to secure any critical data such as authentication keys.

MULTOS technology is typically implemented on hardened

processor integrated circuit components and hence can

provide the software and credential protection previously

described. To further boost the protection the addition of

a Secure Execution Environment (SEE) is built into the

operating system. The SEE acts as an on device policing

agent, ensuring strict application and associated data

segregation. This mechanism was designed to support the

multi-application capability leveraged by some MULTOS

smart card offerings for end cardholders.

2) Endpoint Device Identity and Authentication

For most Smart Meter systems, it can be critical to ensure the meters have a unique identity within

the network. If a meter is unable to maintain its intended identity any data it provides to a central

system may not be considered

trustworthy or valid. Through

provisioning faults or intended

attacks, meter ID duplications are a

system risk which at best can lead to

confusion and service disruption, but

in more severe cases can lead to fraudulent behaviour. Clearly a strong identity should be a

fundamental cornerstone of a smart meter design, but how could this be delivered?

Good IT security practice suggests that specific processes should be applied to address this risk. One

such option is to personalise the endpoint with a specific identification serial number and to add a

robust unique cryptographic identity. Figure 3 highlights the manufacturing process for MULTOS

where a unique chip identifier is generated and injected in the device to allow a cryptographic binding

of each chip to a specific owner. This is built into the MULTOS technology platform and has been

utilised by the nearly 1 billion MULTOS devices already deployed.

Figure 3. The MULTOS Robust Unique Endpoint Identity

Page 10 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Public key cryptography is an already proven mechanism to ensure flexible IT architecture endpoint

identities. MULTOS uses this process where asymmetric key pairs (matched sets containing a public

and a private key) are generated and loaded into the secure chip to provide the endpoint with a strong

personalised identity.The MULTOS Carrier Device (MCD) ID number is linked with a specific device

issuer ID number and the PKI key set to form the robust unique identity. The latest MULTOS

specifications support strong PKI cryptographic algorithms with extended key lengths.

A second option to address the risk of a weak endpoint identity is to enforce strong mutual

authentication between the meter and the central system. The supported asymmetric and symmetric

cryptographic functions within a hardened processor can be used by the applications to ensure robust

mutual authenticity when appropriate.

3) Data Safeguards

Lost, stolen, or corrupt data can have significant financial and reputational impacts for businesses, as

clearly highlighted by the recent retailer data breach example (Radichel. T, 2014). Data stored at Smart

Meters, at central systems, and

in transit within networks is

potentially at risk.

Communication protocols

which are necessary to allow

system interaction are not

always as secure as they might

be perceived, and if considered secure all the security feature options within them may not have been

implemented. There have been reports exposing such weaknesses and poor security implementations

(Zillner. T, 2015).

Gartner predict that by the year 2020, there will be a black market exceeding $5 billion to sell fake

sensor and video data to enable criminal activity (Rossi, 2016), a concerning threat to businesses and

consumers alike. Of course not all data may need the same level of protection, and the application or

service, be that medical, personal, financial, or operational will dictate the level of protection required.

To protect utility businesses and consumers, how can a multi-layer approach be applied to ensure

adequate protection of sensitive data?

Highly secure smartcard chip technology has been

developed, enhanced and deployed worldwide for nearly

20 years. Therefore the cryptographic features supported

by smartcard platforms such as those within MULTOS

products could be used to allow additional levels of

protection for the Smart Meter data, thus boosting the

protection provided by any existing communication

protocols and security features.

Page 11 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Figure 4 shows how a Smart Meter could benefit from the cryptographic features supported by

MULTOS to allow the additional level of protection for the sensitive data.

Figure 4. MULTOS Securing Stored and Transmitted Data

Symmetric or Asymmetric cryptography features can be employed to encrypt any data at risk, such

that the data will be of no use to any third party accessing the data without authorization.

Specifically for Prepayment meters there may be requirements to secure the sending of payment

credits to the meter and secure the reading back of energy consumption data from the meter. The

MULTOS cryptography features can be implemented to encrypt and authenticate payments and

update the keys used in the process when virtual token based systems are employed as defined in IEC

62055-41.

4) Provisioning

Often the provisioning of the Smart Meters is performed as part of the manufacturing process. For

some meters this may continue to be the applied process. However, the greater reliance on

connectivity opens up more dynamic possibilities for provisioning.

It may make sense for commercial or practical reasons to remotely provision Smart Meters. Certain

desired business models may seek to have utility or other third party applications and data loaded in

meters which are already in use. The mechanism of remote provisioning may need to factor in

functional risks with unreliable communications and security risks associated to provisioning over

insecure communication channels.

Page 12 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Smart Meter application and data provisioning requirements may vary depending on the meter

service. Some Smart Meters may need new keys and configuration data loading when a consumer

changes utility provider. Hence how can a secure and simple mechanism be provided to facilitate these

in-field remote processes?

Utilising a strong key management method as shown in Figure 5 can provide the necessary

simplification and security required for a robust provisioning solution.

Figure 5. Simple and Secure MULTOS Provisioning

An option could be to utilise asymmetric cryptography as supported by MULTOS for managing the

deployment of the meter, and utilising either a secure packet or a secure channel to deploy the meter

content. The use of secure, encrypted load packets between the meter and the provisioning service

can further simplify and reduce key management.

The use of asymmetric cryptography easily allows the meters to be managed by the infrastructure

owner or operator, whilst third party utility providers can load their content to the meters assuming

the operator has authorized the change. Any utility provider sensitive content can be encrypted such

that the operator and any unauthorized entity would not have access. This versatile mechanism built

into the MULTOS specifications could be an efficient solution for the likely complex business models

required within some meter markets and could allow utility providers to deliver their services via the

already issued smart meter infrastructure.

5) Lifecycle Management

Considering the lifecycle of any Smart Meter should feature highly with manufacturers and solution

providers. Most meters are intended to be in use for many years and may benefit from a flexible and

controlled lifecycle. Meters

may contain sensitive data

such as authentication keys

and it may not be desirable to

leave this data within unused

meters when no longer

required. Smart Meters may

need a number of remote

Page 13 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

functional updates to reconfigure or modify the service over time. Of course security updates are a

likely requirement as attacks evolve and improve over time. What mechanism could deliver the

required security and flexibility to support these needs?

The processes for this flexibility and control were built into the open MULTOS specifications many

years ago. Figure 6 shows that life cycle process which includes;

Initial activation where the device receives its robust cryptographic ID

Application loading for issuance

Subsequent updating as required

Eventual application and associated data deletion at the end of life

Figure 6. MULTOS Asymmetric Lifecycle Management

All the steps are secured with support from an in-house or central CA or Key Management System,

providing the solution provider and device issuers with the assurance of full control of their assets and

any extended risks associated to them.

6) Flexible Remote Interactions

Many businesses are developing or have already developed management systems to remotely service

Smart Meters. Often referred to as Device Management platforms, they usually perform a range of

activities such as; diagnostics, software updates,

and lifecycle management. The increase in

companies adopting such systems along with

connectivity and application management

platforms is expected to fuel the forecast 30.8%

(CAGR) in revenues from third party IoT platforms

between 2015 and 2021 (Berg Insight, 2016). As

connected eco-systems develop, what flexible

processes could be implemented to allow the

leveraging of existing systems?

Page 14 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Asymmetric cryptography using the processes supported by MULTOS technology can not only simplify

the key management, but can also ensure a high degree of provisioning and meter management

flexibility. Figures 7, 8, and 9 show how a meter could be updated directly by a system that knows the

meter and its PKI credentials. Alternatively if the system does not know the meter credentials, the

meter can be requested to provide them, thus allowing utility third parties to modify the meter

content, assuming they have an agreement to do so with the operator. This could be a very useful

feature for systems updating meters that they do not own or manage. Also a system could prepare

the meter updates offline, perhaps using a batch processing approach, allowing for later retrieval and

updating by the meter itself.

Figure 7. Push – Known Public Key Updating

Figure 8. Push – Requested Public Key Updating

Figure 9. Pull – Known Public Key Updating

Having this level of flexibility built into a system can help to future proof the solution by allowing for

new features and business models, and may ultimately improve the commercial monetization of the

service.

Page 15 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

7) Cost Efficiencies

Securing Smart Meters could be fundamental, but we should also consider cost efficient scaling of the

infrastructure. The cost of the meters and the overall system is critical for business viability, and in

some cases security may be sacrificed to reduce costs.

Each business must decide their own level of acceptable risk regarding any security verses cost trade-

offs. In the digital technology industries few would argue that security is not a concern in the ever

increasingly connected world, and systems not already targeted by hackers and fraudsters today may

well become attractive targets in the future. So clearly some security is desirable, but is it possible to

provide adequate security without significant additional cost?

By utilising PKI technology, it could well be possible to comprehensively address security concerns

whilst minimizing costs. Derived from the GSMA IoT endpoint security guidelines (GSMA, 2016), the

diagram in Figure 10 highlights asymmetric security with personalised keys, which is supported by

MULTOS, as the most secure approach to protect connected devices and the most likely to remain

secure for the long life spans of connected devices.

Figure 10. PKI Recommended for Security, also Delivers Efficiencies

By using asymmetric cryptography cost efficiencies could be realised, including:

Page 16 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Further cost efficiencies could be realised within the meter design via the configuration approach

adopted. Figure 11 presents the architecture where a separate secure element co-processor is used

by the main processor to handle specific security related functions. This architecture may be easier to

implement for some designs as it may be less disruptive to an existing meter product configuration.

Figure 11. MULTOS implemented as a separate co-processor

Alternatively, the MULTOS security could be implemented within the main microcontroller as shown

in Figure 12. This could present a more cost efficient overall architecture with a lower bill of materials.

Figure 12. MULTOS implemented within the main microcontroller

The specific configuration option selected should consider a number of factors, including:

Page 17 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

8) Low Power Consumption

MULTOS secure implementations are designed with low power consumption in mind. Devices can

include separate power domain options for embedded low power modes, ideal for battery power

supplied Smart Meters such as gas and water meters.

Low Power Mode

This is the ability for an application to go into a reduced power mode of operation when it is waiting

to receive an embedded event call. Testing to date has revealed it can reduce the secure chip current

consumption from 10mA to 3mA.

Power Domains

Current implementations have three power domains:

Main power domain for the majority of the chip

The GPIO front end power domain

The ISO front end power domain

Typically implementations draw very little current when only the GPIO power domain is powered up,

which has been tested at less than 0.1uA. This can allow a permanently powered up low power mode

of operation. When the MULTOS O.S is called for a specific security function to be used the powered

up state can switch as required, and then revert back to a low power mode when the security function

has been performed, resulting in very little battery drain.

Page 18 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Conclusions

With the significant opportunities Smart Meters can offer utility businesses, and the evident increasing

risks derived from the digital inter-connections, it is clear that security should be seriously considered

within an overall system design. The level of acceptable security should be based on; costs, time-to-

market, reputational and financial risks from cyber-attacks, business and consumer privacy,

protection, safety, and potential evolutions required of a system or meter over time.

Attackers targeting software is a common risk within IT and may increase as more Smart Meters are

inter-connected. The MULTOS technology with hardware and software countermeasures and a

successful history in the smart card industry does offer suitable protection.

Ensuring Smart Meters are identified as unique within their network and operate with adequate

mutual authentication is an obvious design focus to avoid functional issues and potential fraud. With

MULTOS authentication features a robust unique cryptographic identity can be easily enforced.

Protecting the sensitive data within utility systems may be critical. Different applications and data

elements may require different levels of protection based on their sensitivity and type of use. Hackers

may target sensitive data to either commit fraudulent activities or damage business reputations.

Trusted security features from the smart card industry as supported by MULTOS can further enhance

any security provided by existing connectivity protocols. A sound “belt and braces” approach is

recommended to ensure protection over time and the longevity of the solution.

Provisioning, the process to load applications and data within a meter either initially or when in use

should warrant some careful consideration of the current needs and of potential future business

opportunities. Some markets have requirements for this flexibility. MULTOS provisioning is ideally

suited to provide a simple and secure mechanism to meet these requirements.

Smart Mater life spans may cover many years. Implementing a controlled whole lifecycle approach

can not only protect the meters and solutions but can also ensure they remain flexible and versatile.

The proven robust MULTOS lifecycle process can offer such security and flexibility.

Managing Smart Meters can often be most efficiently achieved via remote systems. Such meter

management systems may need to not only manage or interact with their own meters, but may also

need to control applications and data on third party owned meters. MULTOS technology offers flexible

options to facilitate these processes.

The implementation of PKI cryptography to enhance security and flexibility can help derive a number

of total system cost efficiencies. Overall key management may be simplified reducing the effort,

update processing may be managed in cost effective offline batches, and meter management

complexity may be reduced. MULTOS can fully support these potential system optimizations.

The hardware Root of Trust mechanisms provided by the MULTOS standard are very well suited to

deliver exceptional levels of control, security, flexibility, and business efficiencies for Smart Meters.

Page 19 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Bibliography

Berg Insight (2016). IOT Platforms and Software. [Online]

Available at: http://www.berginsight.com/ReportPDF/ProductSheet/bi-platforms2-ps.pdf

[Accessed 07-09-2016].

Cbronline (2015). Cisco: IoT to generate $8 trillion worldwide in 10 years. [Online]

Available at: http://www.cbronline.com/news/internet-of-things/m2m/cisco-iot-to-generate-8-trillion-

worldwide-in-10-years-4555412

[Accessed 05-09-2016].

Computer Weekly (2016). How to secure the internet of things. [Online]

Available at: http://www.computerweekly.com/opinion/How-to-secure-the-internet-of-things

[Accessed 19-07-2016].

Gartner (2016a). Gartner's 2016 Hype Cycle for Emerging Technologies Identifies Three Key Trends That

Organizations Must Track to Gain Competitive Advantage. [Online]

Available at: http://www.gartner.com/newsroom/id/3412017

[Accessed 03-09-2016].

Gartner (2016b). Gartner’s Top 10 Security Predictions 2016. [Online]

Available at: http://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/

[Accessed 19-07-2016].

GSMA (2016). IoT Security Guidelines Overview Document, Version 1.0, 08 February 2016. GSMA.

Langner. R (2011). Cracking Stuxnet, a 21st-century cyber weapon [Online]

Available at: http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon

[Accessed 27-10-2016].

NYC Consumer Affairs (2016). Consumer Alert: Consumer Affairs Warns Parents to Secure Video Baby Monitors.

[Online]

Available at: http://www1.nyc.gov/site/dca/media/pr012716.page

[Accessed 19-07-2016].

Radichel. T (2014). Case Study: Critical Controls that Could Have Prevented Target Breach. Sans Institute.

Rossi. B (2016). 4 unexpected implications arising from the Internet of Things – Gartner. [Online]

Available at: http://www.information-age.com/technology/applications-and-development/123460779/4-

unexpected-implications-arising-internet-things-gartner

[Accessed 07-09-2016].

The Inquirer (2016). Just one in 10 IoT devices offer adequate security, warns research. [Online]

Available at: http://www.theinquirer.net/inquirer/news/2460405/just-one-in-10-iot-devices-offer-adequate-

security-warns-research

[Accessed 19-07-2016].

Page 20 of 20 © 2017 MAOSCO Limited – All Rights Reserved.

Wired (2016a). After Jeep Hack, Chrysler Recalls 1.4M Vehicles for Bug Fix. [Online]

Available at: https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/

[Accessed 19-07-2016].

Wired (2016b). A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever. [Online]

Available at: https://www.wired.com/2015/01/german-steel-mill-hack-destruction/

[Accessed 19-07-2016].

Wired (2016c). Hackers were behind Ukraine power outage [Online]

Available at: http://www.wired.co.uk/article/ukrainian-power-station-cyber-attack

[Accessed 27-10-2016].

Zilner.T (2015). ZIGBEE EXPLOITED, The good, the bad and the ugly. [Online]

Available at: https://www.blackhat.com/docs/us-15/materials/us-15-Zillner-ZigBee-Exploited-The-Good-The-

Bad-And-The-Ugly.pdf

[Accessed 07-09-2016].