scieee Science in your language
[en] (orig)

When Your Thing Won’t Behave: Security Governance in the Internet of Things

Author: Brennecke, Martin,Fridgen, Gilbert,Jöhnk, Jan,Radszuwill, Sven,Sedlmeir, Johannes
Publisher: New York, NY: Springer US,New York, NY: Springer US
Year: 2024
DOI: 10.1007/s10796-024-10511-z
Source: https://www.econstor.eu/bitstream/10419/330801/1/10796_2024_Article_10511.pdf
B ennecke, Ma in; F idgen, Gilbe ; Jöhnk, Jan; Radszuwill, S en; Sedlmei ,
Johannes
A icle — Published Ve sion
When You Thing Won’ Beha e: Secu i y Go e nance in
he In e ne o Things
In o ma ion Sys ems F on ie s
P o ided in Coope a ion wi h:
Sp inge Na u e
Sugges ed Ci a ion: B ennecke, Ma in; F idgen, Gilbe ; Jöhnk, Jan; Radszuwill, S en; Sedlmei ,
Johannes (2024) : When You Thing Won’ Beha e: Secu i y Go e nance in he In e ne o Things,
In o ma ion Sys ems F on ie s, ISSN 1572-9419, Sp inge US, New Yo k, NY, Vol. 27, Iss. 4, pp.
1471-1490,
h ps://doi.o g/10.1007/s10796-024-10511-z
This Ve sion is a ailable a :
h ps://hdl.handle.ne /10419/330801
S anda d-Nu zungsbedingungen:
Die Dokumen e au EconS o dü en zu eigenen wissenscha lichen
Zwecken und zum P i a geb auch gespeiche und kopie we den.
Sie dü en die Dokumen e nich ü ö en liche ode komme zielle
Zwecke e iel äl igen, ö en lich auss ellen, ö en lich zugänglich
machen, e eiben ode ande wei ig nu zen.
So e n die Ve asse die Dokumen e un e Open-Con en -Lizenzen
(insbesonde e CC-Lizenzen) zu Ve ügung ges ell haben soll en,
gel en abweichend on diesen Nu zungsbedingungen die in de do
genann en Lizenz gewäh en Nu zungs ech e.
Te ms o use:
Documen s in EconS o may be sa ed and copied o you pe sonal
and schola ly pu poses.
You a e no o copy documen s o public o comme cial pu poses, o
exhibi he documen s publicly, o make hem publicly a ailable on he
in e ne , o o dis ibu e o o he wise use he documen s in public.
I he documen s ha e been made a ailable unde an Open Con en
Licence (especially C ea i e Commons Licences), you may exe cise
u he usage igh s as speci ied in he indica ed licence.
h ps://c ea i ecommons.o g/licenses/by/4.0/
In o ma ion Sys ems F on ie s (2025) 27:1471–1490
h ps://doi.o g/10.1007/s10796-024-10511-z
When You Thing Won’ Beha e: Secu i y Go e nance in he In e ne
o Things
Ma in B ennecke1·Gilbe F idgen1·Jan Jöhnk2·S en Radszuwill2·Johannes Sedlmei 1
Accep ed: 30 June 2024 / Published online: 22 Augus 2024
© The Au ho (s) 2024
Abs ac
In he In e ne o Things (IoT), in e connec ed sma hings enable new p oduc s and se ices in cybe -physical sys ems.
Ye , sma hings no only inhe i in o ma ion echnology (IT) secu i y isks om hei digi al componen s, bu hey may
also agg a a e hem h ough he use o echnology pla o ms (TPs). In he con ex o he IoT, TPs desc ibe a angible (e.g.,
ha dwa e) o in angible (e.g., so wa e and s anda ds) gene al-pu pose echnology ha is sha ed be ween di e en models o
sma hings. While TPs a e e ol ing apidly owing o hei unc ional and economic bene i s, his is pa ly o he de imen o
secu i y, as se e al ecen IoT secu i y inciden s demons a e. We add ess his p oblem by o malizing he si ua ion’s dynamics
wi h an es ablished isk quan i ica ion app oach om pla o ms in he au omo i e indus y, namely a Be noulli mix u e model.
We ou line and discuss he implica ions o ele an pa ame e s o secu i y isks o TP use in he IoT, i.e., co ela ion and
he e ogenei y, ulne abili y p obabili y and con o mi y cos s, exploi p obabili y and non-con o mi y cos s, as well as TP
connec i i y. We a gue ha hese pa ame e s should be conside ed in IoT go e nance decisions and delinea e p esc ip i e
go e nance implica ions, iden i ying po en ial coun e -measu es a he indi idual, o ganiza ional, and egula o y le els.
Keywo ds In o ma ion Secu i y ·In e ne o Things (IoT) ·IT Go e nance ·IT Secu i y ·Risk Analysis ·Secu i y B each
Manage ial Rele ance S a emen
This pape p o ides p esc ip i e go e nance implica ions
o cope wi h In e ne o Things (IoT) secu i y isks esul -
ing om he use o echnology pla o ms (TPs). In simple
e ms, we a gue ha while allowing o se e al di e en
TPs inc eases he isk o a secu i y inciden , la ge-scale
BJan Jöhnk
[email p o ec ed]
Ma in B ennecke
[email p o ec ed]
Gilbe F idgen
[email p o ec ed]
S en Radszuwill
[email p o ec ed]
Johannes Sedlmei
[email p o ec ed]
1In e disciplina y Cen e o Secu i y, Reliabili y and T us ,
Uni e si y o Luxembou g, 29 A . J.F. Kennedy, Luxembou g
L-1855, Luxembou g
2FIM Resea ch Ins i u e o In o ma ion Managemen ,
Uni e si y o Bay eu h, Uni e si ä ss aße 30, Bay eu h
D-95447, Ge many
exploi s a e mo e likely o homogeneous TP use. Fu he ,
conside ing heco ela ionbe weenTPsisimpo an because
di e si ica ion- ela ed secu i y go e nance measu es may be
lesse ec i ei woTPs’ ulne abili iesa ehighlyco ela ed.
Finally, as we cu en ly obse e in p ac ice, an inc easing
numbe o connec ed sma hings makes IoT secu i y ac oss
TPs pa icula ly p one o la ge-scale exploi s. Ou go e -
nance implica ions add ess indi iduals (i.e., p o essional o
p i a e end-use s) using sma hings, manu ac u e s ha
build anddis ibu esuchsma hings,and supplie so TPsas
c i ical componen ac oss di e en models o sma hings.
We u he conside policymake s, egula o s,andau ho i ies
ha p o ide he gua d ails o sma hing adop ion and isk
managemen . Summa izing, we p o ide p ac i ione s wi h a
be e unde s anding o why and how TPs pose secu i y isks
o sma hing adop ion in he IoT, help quan i y and assess
he associa ed isks, and s imula e discussions on app op ia e
measu es o mi iga e hese isks.
1 In oduc ion
“The spi i s ha I called” – In Disney’s 1940 classic Fan-
asia, a so ce e ’s app en ice is s uggling wi h he acqui ed
123
1472 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
powe o e a b oom and i s g owing au onomy. Simila o
he b oom, webcams and o he so-called sma hings (Al e ,
2019; Hube e al., 2024) we e esponsible o he wo ldwide
dis ibu ed denial o se ice (DDoS) a ack Mi ai in 2016,
execu ed by a bo ne o mo e han 500,000 In e ne o Things
(IoT) de ices and blocking he accessibili y o popula web
se ices such as Ai BnB, Twi e , and Ne lix (Dailymail,
2016; Wal e s & Jo dan, 2016). Ano he example o he
nume ous ecen secu i y inciden s is he ZigBee exploi ,
which could b ick Philips Hue de ices o use hem o u -
he DDoS a acks (Ronen e al., 2016). This exploi was
able o sp ead o simila nea by de ices ia buil -in wi eless
connec i i y, causing cascade e ec s (Ronen e al., 2016).
Fu he , he exploi s Spec e and Mel down used specula i e
execu ion in In el, AMD, and ARM p ocesso s, po en ially
disclosing sensi i e in o ma ion on mo e han a billion
de ices (Koche e al., 2018; Lipp e al., 2018). Also mod-
e n ca s and hei so-called con olle a ea ne wo k (CAN)
bus ha e also been p one o ulne abili ies (ICS-CERT.,
2018a,b). This se ial bus enables a acke s o con ol sa e y-
c i ical unc ionali ies (e.g., b aking) a e gaining access ia
mode n media and na iga ion sys ems o main enance po s.
Inciden s like hese ha e caused s ic e egula o y demands
on cybe secu i y in gene al and o inc easingly so wa e-
de ined and au onomous ehicles in pa icula (ISO/SAE
21434:2021., 2021; Regula ion EU 2018/858., 2018;Reg-
ula ion EU 2019/2144., 2019). Mo e ecen ly, we u he
obse ed a backdoo in XZ U ils on Linux ha was coin-
ciden ally caugh in ime be o e i could be exploi ed on a
la ge scale (Lins e al., 2024), as well as he C owdS ike
Falcon upda e (C owdS ike, 2024) on Mic oso Windows
ha impac ed a wide a ie y o c i ical in as uc u es and
sec o s, including bu no limi ed o he inancial se ices,
heal h, and a ia ion indus ies (Financial Times, 2024).
All hese inciden s also exhibi a leas h ee commonal-
i ies: They a e associa ed wi h sma hings and IoT, hey
use buil -in ne wo king ea u es o sp ead apidly, and hey
exploi a echnology pla o m (TP) ha is used in many di -
e en de ices. Thus, guidance o IoT TP go e nance is
needed; o he wise, secu i y inciden s will likely h ea en he
alue cap u e d i en by he oppo uni ies o IoT, he eby
ans o ming his pa adigm in o a cos ly bo ne o hings.
The IoT pa adigm desc ibes an inc easing numbe o sma
hings, which enable new in e ac ion ypes o indi iduals,
machines, and companies (Bo gia, 2014; Ransbo ham e al.,
2016; Ha wich e al., 2023). De ices like webcams, e ig-
e a o s, mic owa es, and e en oo hb ushes ha e become
pa o he IoT as simple embedded sys ems wi h access o
he In e ne (Ne ille-Neil, 2017), hough hey may no ye
be ac ually sma (Hube e al., 2024). This d i e o con-
nec hings o he In e ne na u ally inc eases he numbe o
connec ions be ween objec s in he physical ealm (A e -
good, 2018; Li e al., 2015). Sma hings in he IoT a e
equipped wi h high le els o connec i i y on mul iple laye s
(Whi mo e e al., 2015). In a-ne wo k connec i i y e e s o
connec i i y wi hin companies o households (e.g., inside he
(HAN)), ypically p o iding alue o he ne wo k’s owne .
Fo ins ance, household appliances (e.g., a e ige a o and a
washingmachine)cansynch onize hei ene gyconsump ion
in a household o limi expensi e peak loads (Waldo, 2002;
Riege e al., 2016). On he o he hand, in e -ne wo k con-
nec i i y, i.e., in e ac ions be ween sma hings ac oss com-
panies o indi idual homes ha o m digi al alue ne wo ks,
is ypically based on communica ion o e he In e ne . Thus,
a washing machine and sola cells o wo di e en house-
holds could synch onize ene gy supply and ene gy demand
ia sma g ids. In he cou se o he ongoing digi al ans o -
ma ion, henumbe o physicalobjec sequippedwi hsenso s
o communica ion and ne wo k in e aces and he numbe o
sma hings a e g owing, wi h new communica ion me hods
being c ea ed, and in a-ne wo k as well as in e -ne wo k
connec i i y inc easing (Püschel e al., 2016;Yoo,2010).
Secu i y isks in he IoT s ongly ela e o sma hings’
quali y and hei unde lying TPs. In con as o conside -
ing a single en i y, secu ing TPs in he IoT bea s he isk o
ulne abili ies sha ed ac oss he pla o m wi h he po en ial
o ein o ce secu i y inciden s ia he connec i i y be ween
many de ices. Slaugh e e al. (1998) di e en ia e be ween
so wa e quali y cos s o con o mi y, i.e., expendi u es asso-
cia ed wi h he iden i ica ion and p e en ion o de ec s ha
include co esponding oppo uni y cos s (e.g., owing o
longe de elopmen imes), and cos s o non-con o mi y, i.e.,
expendi u es o ewo k, main enance, liabili y damages, o
li iga ion. We ex end his dis inc ion o TPs in IoT since he
cos s o con o mi y (e.g., du ing he TP design and he de el-
opmen o sma hings) and non-con o mi y (e.g., in he
e en o an exploi owing o a pla o m ulne abili y) equally
apply o s anda diza ion, homogenei y, and “sma i ica ion”
in IoT TPs. Thus, he e is a ade-o be ween con o mi y
cos s and non-con o mi y cos s conside ing he associa ed
isks o co esponding TPs.
This ade-o aises ques ions conce ning adequa e indi-
idual, o ganiza ional, and egula o y eac ions, i.e., which
coun e measu es should be aken o p e en o a leas mi -
iga e he e ec s o secu i y inciden s in he IoT. We see
a need o e ec i e managemen and go e nance p oce-
du es o balance he ade-o be ween con o mi y cos s and
non-con o mi y cos s. In pa icula , he managemen and
go e nance issues connec ed o TPs in he IoT mus be con-
side ed om an indi idual’s pe spec i e (Almeida e al.,
2015) as well as om he pe spec i e o companies and
egula o s (Webe , 2010; Ve mesan & F iess, 2022). Such a
holis ic app oach is necessa y o accoun o he high deg ee
o in e connec i i y and he blu ing bounda ies be ween
ac o s in he IoT. These ques ions s ongly ela e o he s an-
da diza ion o IoT pla o ms and hei go e nance.
123
In o ma ion Sys ems F on ie s (2025) 27:1471–1490 1473
Managemen and in o ma ion sys ems (IS) esea ch as well
as policy-make s a e paying inc easing a en ion o ( echnol-
ogy) pla o ms, including ela ed go e nance ques ions and
ensions(Thomase al.,2014;Weigle al.,2023).Pa icula ly
in he ield o IS, esea che s ha e p e iously in es iga ed
pla o m- and IoT- ela ed challenges a he indi idual o
beha io al le el, a he o ganiza ional le el, and a he eg-
ula o y o socie al le el. Based on his esea ch – and a he
in e sec ion wi h eme ging echnologies – esea che s also
de elopednume ousale sys emsand amewo ks oadd ess
ela ed challenges (Syed, 2020; Biswas e al., 2022,2023).
A he same ime, and along simila lines, he Eu opean
Union (EU has s a ed add essing cybe secu i y challenges
posed by he IoT, e.g., ia he e ision o he P oduc
Liabili y Di ec i e (COM/2022/495 inal, 2022) and he
Cybe Resilience Ac (COM/2022/454 inal., 2022). These
measu es a e likely o subs an ially inc ease secu i y equi e-
men s o p oduc s wi h digi al componen s, including sma
de ices. Despi e he ecen ubiqui y o challenges and isks
ela ed o TPs and IoT, he implica ions o TP use in he IoT
and i s impac s on in o ma ion echnology (IT) go e nance
emain unexplo ed (Webe , 2013; Mohamad Noo & Haslina
Hassan, 2019). Thus, like he so ce e ’s app en ice, indi id-
uals, companies, and egula o s a e s ill s uggling o achie e
su icien secu i y go e nance in he IoT. Agains his back-
d op, we ask he ollowing esea ch ques ion:
Wha a e he implica ions o echnology pla o m in he IoT
o secu i y go e nance a he indi idual, company, and
egula o y le els?
We ollow he esea ch cycle p oposed by Me edi h e al.
(1989) o add ess his ques ion. “[A]ll esea ch in es iga ions
in ol e a con inuous, epe i i e cycle o desc ip ion, expla-
na ion, and es ing” (c . Me edi h e al., 1989, p. 301). Fi s ,
we seek o con ibu e o he desc ip i e body o knowledge
by desc ibing TP use in he IoT as well as i s associa ed
isks (Sec ion 2). Second, we adop a isk quan i ica ion
app oach de eloped o he au omo i e indus y (Kang e al.,
2015) o shed ligh on isk- ela ed dynamics by add essing
“ he unde lying causal s uc u e o he heo y” (c . Me edi h
e al., 1989, p. 303), i.e., he an eceden s, in e dependen-
cies, and implica ions o TP use in he IoT (Sec ion 3). We
demons a e how he use o pla o ms and hei isk quan i i-
ca ion can be ans e ed o TPs in he IoT, using he case o
BusyBox (ICS-CERT., 2022) as an illus a i e example o a
so wa e sui e ha is used ac oss millions o IoT de ices –
om (PLCs) o emo e e minal uni s (RTUs) – and whe e
isks ha e ma e ialized, as highligh ed by ulne abili ies
ela ed o i s dynamic hos con igu a ion p o ocol (DHCP)
clien s (CVE-2016-2148., 2016), heap bu e s (CVE-2018-
1000517., 2018), and code execu ion (CVE-2022-48174.,
2022). Thi d, we delinea e p esc ip i e go e nance impli-
ca ions esul ing om he inhe en isks o TPs in he IoT
(Sec ion 4). In doing so, we seek o de elop guidance o deal
wi hanu gen eal-wo ldp oblem.Wediscuss helimi a ions
o ou esea ch and conclude in Sec ion 5.
2 Technology Pla o ms and Pla o m
Secu i y Risks in he IoT
2.1 Technology Pla o ms in he IoT
Pla o ms a e conside ed an impo an pa adigm o p oduc
managemen , new p oduc de elopmen , as well as inno-
a ion and echnological s a egy (Facin e al., 2016). The
concep o a pla o m comp ises a se o di e en in e p e-
a ions (Thomas e al., 2014). The li e a u e ei he ega ds
pla o ms om a echnological pe spec i e (Po ch e al.,
2015), wi h examples including IT pla o ms (Fichman,
2014), o as wo-sided ma ke s om a p ima ily economic
pe spec i e (Dibia & Wagne , 2015;Gawe ,2014). We ol-
low he pe spec i e o Fichman (2014), who de ine an IT
pla o m as “a gene al-pu pose echnology ha enables a
amily o applica ions and ela ed business oppo uni ies”
(c . Fichman, 2014, p. 132). In he IoT, such TPs can ake
di e en o ms (A nold e al., 2022). One may hink o so -
wa e pla o ms as ope a ing sys ems o ha dwa e pla o ms
as p ocesso amilies. Also, a TP is no necessa ily angible,
bu canalso“bease o s anda ds”(c .Geppe al.,2016,p.2).
Fo ins ance, s anda ds such as p og amming languages, p o-
ocols, o secu i y guidelines can also ep esen TPs.
Rega dless o whe he hey a e angible o in angible, TPs
a e ypically used o achie e economies o scale ia cos
educ ions o e a se o componen s (Baldwin & Wooda d,
2008). As he ma ginal cos s o so wa e a e conside ed o
be close o ze o om a selle ’s pe spec i e, he e-use o
so wa e componen s whe e e possible is a logical con-
sequence. Fu he , s anda ds and s anda dized componen s
enable coope a ion in ne wo ks, because “ i ms wi h sim-
ila echnological capabili ies a e likely o o m s a egic
alliances and in e ac in a coope a i e and compe i i e man-
ne ” (c . hyu Kim e al., 2017, p. 2). In he au omo i e
indus y, e icien p oduc ion is now inconcei able wi hou
pla o ms such as Volkswagen’s modula ans e se oolki
(Kang e al., 2015). Wi h he apidlyinc easing numbe o man-
u ac u ed and deployed IoT de ices, TPs ecei e g owing
ele ance in he IoT. Indeed, he IoT sec o is expe iencing
a de elopmen owa ds TP use, such as in he inc easingly
senso - and so wa e-de ined au omo i e indus y.
2.2 Technology Pla o m- ela ed Risks,
Vulne abili ies, and Exploi s
We d aw on Kang e al. (2015) o he concep o TP isk, he
associa ed e ms, he necessa y adap a ions o he speci ics
123
1474 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
o TPs in he IoT, as well as he di e en ia ion be ween hem.
Kang e al. (2015) di e en ia e be ween pla o ms, models,
uni s, de ec s, and ailu es. They de ine a pla o m as “a se o
design componen s (i.e., so wa e modules o physical pa s)
ha a e commonly sha ed by a ange o di e en p oduc s”
(Kang e al., 2015, p. 372and 37), using Toyo a as an appli-
ca ion example. The p oduc s unde conside a ion a e he
b akes based on he same pla o m, i.e., an iden ical unde ly-
ing design. A model desc ibes an indi idual use case ha is
based on he common pla o m. In he Toyo a case, he b ake
pla o mmodels co espond o he di e en ca models,since
each ca model comes wi h i s speci ic b ake sys em ha is
based on he pla o m bu adjus ed o he speci ic ca model.
Uni s a e en i ies o an ins ance o a model, e.g., he b ake
sys em in one manu ac u ed Toyo a Co olla.
To model TP isk, Kang e al. (2015) u he in oduce he
no ion o de ec and ailu e. They de ine a design de ec as a
“design law ha can po en ially cause a ailu e in he cou se
o a p oduc ’s use” (c . Kang e al., 2015, p. 373). Impo -
an ly, his is no o be con used wi h a uni ’s ailu e caused
by a de ec i ely manu ac u ed p oduc (Kang e al., 2015).
Fo ins ance, he eliance o a Boeing 737 Max on a sin-
gle senso o i s Maneu e ing Cha ac e is ics Augmen a ion
Sys em (MCAS) can be conside ed a de ec , whe eas acci-
den s caused by a mal unc ion o he senso would ep esen
a ailu e (T a is, 2019). This de ini ion al eady implies ha
a ailu e e e s o he mani es a ion o a de ec . Failu es can
hus be modeled as andom e en s, wi h he unde lying p ob-
abili y dis ibu ion desc ibed by de ec s (Kang e al., 2015).
No ably, secu i y isks in he IoT can u he ma e i-
alize no solely in ela ion o he ha dwa e bu also in
he so wa e being used. The esul ing so wa e secu i y
isks may no always be caused by he TP p o ide bu
can also be caused by hi d-pa y lib a ies he TP p o ide
uses o adap s. One example o an IoT isk ha ma e i-
alized came in he o m o h ee Apache log4j ulne a-
bili ies, namely CVE-2021-44228, CVE-2021-45046, and
CVE-2021-44832 (Mic oso Th ea In elligence., 2021). As
log4j is a equen ly used logging lib a y, i a ec ed a sig-
ni ican sha e o Ja a lib a ies used in bo h comme cial
and non-comme cial se ings. Consequen ly, many IoT TPs
ha comp ise Ja a-based componen s, likely unde lying bil-
lions (o en in e connec ed) o sma de ices, we e a ec ed.
Acco ding o Mic oso , “ he ulne abili ies p esen ed a new
a ack ec o and gained b oad a en ion due o i s se e i y
and po en ial o widesp ead exploi a ion” (Mic oso Th ea
In elligence., 2021). The Cybe secu i y and In as uc u e
Secu i y Agency (CISA) Di ec o Jen Eas e ly, a he ime,
u he published a s a emen indica ing ha “ his ulne a-
bili y poses a se e e isk” (CISA., 2021). Simila isks can
ma e ialize in o he digi al in as uc u es, including secu i y
and communica ion p o ocols.
We ans e hese concep s o he speci ics o TPs unde -
lying IoT de ices o model he isk o la ge-scale exploi s –
as o ou applica ion example, BusyBox. The Unix-based
BusyBox is an open-sou ce oolki designed o mobile and
embedded sys ems, as o en ound in IoT applica ions (ICS-
CERT., 2022). The oolki is widely used in p oduc s such
as webcams (e.g., he D-Link Wi-Fi came a), ou e s and
modems (e.g., AVM-F i z!Box, Belkin, Linksys, and Ne -
Gea ), sma phones (e.g., Nokia N900), ele ision ecei e s
(e.g., D eambox), na iga ion sys ems (e.g., TomTom GO),
and d ones (e.g., AR D one 2.0) (ICS-CERT., 2022; A en z,
2005;TomTom,2005; Labs, 2016). We use i as illus a i e
example o he de ini ions o he a o emen ioned concep s.
We apply Kang e al.’s (2015) de ini ion o pla o ms
o TPs in IoT, de ining an IoT pla o m as any componen
ype (ha dwa e, so wa e, o s anda d) ha is sha ed be ween
sma hings. We ega d a sma hing as a p oduc – a “p e-
iously non-digi al physical a i ac ” (c . Yoo e al., 2012,
p. 1399) ha has been equipped wi h digi al echnology (Yoo
e al., 2012). In ou illus a i e example, BusyBox ep esen s
he pla o m. Fu he , we conside an IoT model o be a ype
o sma hing ha is based on a speci ic TP. This in ails ha
di e en IoT models’ physical shapes can a y subs an ially,
as illus a ed by he a ious models based on BusyBox, o
ins ance, a Pa o AR D one 2.0 and a D-Link web came a.
The concep o an IoT uni is s aigh o wa d; we ega d one
physical, manu ac u ed ins ance o a sma hing as one IoT
uni .
While we also adop he unde lying de ini ions o de ec
and ailu e om Kang e al. (2015), hei applica ion and
implica ions di e subs an ially be ween he au omo i e
indus y and he IoT ield. Thus, ollowing a classi ica-
ion by Howa d & Longs a (1998), we use he e ms o
ulne abili y and exploi ins ead o accoun o addi ional,
in o ma ion sys ems- ela ed speci ics. A ulne abili y is “a
weakness [in he design, implemen a ion, o con igu a ion]
o a sys em allowing unau ho ized ac ion” (c . Howa d &
Longs a , 1998, p. 14). This unde s anding is in line wi h
o he de ini ions ha conside he concep o ulne abili y o
be di ec ly ela ed o he uppe -le el concep o hing (Syed,
2020). An exploi , on he o he hand, ep esen s a success-
ul “g oup o a acks ha can be dis inguished om o he
a acksbecauseo hedis inc i enesso hea acke s,a acks,
objec i es, si es, and iming” (c . Howa d & Longs a , 1998,
p. 15). An a ack is speci ied by co esponding ulne abili-
ies, ools, ac ions, a ge s, and unau ho ized esul s (Howa d
& Longs a , 1998). Analogous o Kang e al.’s (2015) de i-
ni ion o a de ec , a ulne abili y e e s o a lawed design, o
ins ance, he possibili y o malicious code injec ion in Busy-
Box ia he ne s a ool (Cybe secu i yhelp., 2022). Thus,
an exploi cons i u es a mani es a ion o a ulne abili y o
he IoT pla o m, e.g., a success ully plan ed backdoo in
123

In o ma ion Sys ems F on ie s (2025) 27:1471–1490 1475
a D-Link DCS-930L webcam u ilizing he ulne abili y o
BusyBox.
2.3 Pla o m Secu i y Risks
In he con ex o IoT TPs, we unde s and secu i y as an ex en-
sion o he common CIA iad (con iden iali y, in eg i y, and
a ailabili y) ha also conside s access le el and unc ional
le el secu i y equi emen s (Meneghello e al., 2019). This
in e p e a ion demandscon ol bo h o e in o ma ion p ocessed
by an indi idual sma hing as well as he impac o such p o-
cessing ono he componen s(e.g., indi idualso o he de ices).
In line wi h his unde s anding, pla o m secu i y is conce ned
wi h “ angible and in angible asse s ela ing o he wellbeing
o ei he he indi idual o socie y a la ge” (c . on Solms &
an Nieke k, 2013,p.101).Following onSolms& anNiek-
e k’s (2013) de ini ion o cybe secu i y, we u he include
he en i e y o all IoT de ices in his assessmen and do no
solely e e o an indi idual’s in o ma ion and communica-
ion using a speci ic IoT de ice as he asse a isk.
Exploi s such as he Mi ai IoT bo ne , which was based
on he BusyBox TP ulne abili y, illus a e ha secu i y
b eaches may no only a ec a single sma hing acco d-
ing o he CIA iad, bu a he isk he o e all wellbeing
o o he sma hings buil on o he TPs owing o DDoS
a acks. As such, we a gue ha his holis ic pe spec i e
is necessa y. The o e all secu i y goals o he CIA iad
(con iden iali y, in eg i y, and a ailabili y) and i s ex ensions
(accoun abili y, au hen ici y, non- epudia ion, and eliabil-
i y) emain unchanged in his in e p e a ion in he con ex o
he IoT ( on Solms & an Nieke k, 2013; Siponen & Oinas-
Kukkonen, 2007). Ye , conside ing he connec i i y o sma
hings in he IoT, ela ed wo k sugges s inc easing esilience
o a acks as an addi ional cybe secu i y goal, i.e., “[a oid-
ing] single poin s o ailu e and [adjus ing] o node ailu es”
(Fabe & Gün he 2007,p.3).
Raine J e al. (1991, p. 130) de ine isk as he condi-
ion “when an asse is ulne able o a h ea ” and dis inguish
be ween physical h ea s (e.g., wea he o i e) and unau ho-
ized o au ho ized access as majo h ea s o IT. Al hough
unau ho ized access is he mos ob ious secu i y h ea ,
au ho ized access can e en be mo e in luen ial because he
access usually goes unno iced. Fu he , Raine J e al. (1991)
no e ha h ea s can o igina e om in e nal o ex e nal
sou ces. Secu i y isks may occu a a ious le els, i.e.,
he applica ion le el, he o ganiza ional le el, and he in e -
o ganiza ional le el (Bandyopadhyay e al., 1999). Applied
o he IoT, hese de ini ions and dis inc ions emain alid, bu
he cha ac e is ics o he IoT imply po en ial isks a all h ee
le els owing o i s physical componen s, human-machine
in e ac ion, and c oss-o ganiza ional in e ac ions (Sadeghi
e al., 2015).
The IoT no only inhe i s classic IT secu i y isks bu
also c ea es new secu i y isks due o IoT-speci ic ea u es
(Zhou e al., 2019). Acco ding o A zo i e al. (2010),
h ee IoT-speci ic ulne abili ies inc ease secu i y isks o
sma hings: Una ended componen s ha acili a e phys-
ical a acks, accessibili y ia wi eless communica ion, and
educed secu i y measu es owing o limi ed ene gy and com-
pu ing esou ces. We a gue ha he use o TPs in he IoT
ampli ies hese ulne abili ies o wo easons. Fi s , sma
hings buil on a common TP a e cha ac e ized by sha ed
echnical componen s as well as inc eased in a-ne wo k and
in e -ne wo k connec i i y in he IoT. Thus, al hough “pla -
o m sha ing is conside ed an e ec i e means o cos sa ing
[...] i also uns he isk o p opaga ing a pa icula ailu e”
(Kang e al., 2015, p. 372) among sma hings building
on he same TP. This can lead o cascading e ec s e en
i only a single componen is exploi ed. Second, al hough
sma hings sha e a common TP, hey can s ill ha e dis inc
ea u es ha may p ohibi o impede a simple pla o m-wide
ollou o secu i y coun e measu es (e.g., pa ches). Thus, he
deg ee o connec i i y and he ex en o a ia ions ac oss
models may con ibu e o he isk o cascading TP-speci ic
ulne abili ies. As a esul , sma hings in he IoT a e a ac-
i e a ge s owing o hei ulne abili ies and hei equen
uses in c i ical in as uc u es such as he in e ne o medical
hings (IoMT) (Wang e al., 2022) o en i onmen s o sen-
si i e in o ma ion such as he indus ial IoT (IIoT) (Sadeghi
e al., 2015; Eden e al., 2017; Mille & Rowe, 2012). We
conside an IoT-speci ic analysis o pla o m secu i y isks
and he implica ions o app op ia e go e nance measu es o
be a aluable addi ion o he exis ing body o knowledge.
In ligh o he a o emen ioned de ini ions and examples,
he speci ic isk o a TP in he IoT can be summa ized as
ollows: Owing o hesha ingo iden ical echnologicalcom-
ponen s ac oss a pla o m, a ulne abili y’s e ec (i.e., he
o e all numbe o exploi ed uni s) can be subs an ial. Vul-
ne abili ies o one sma hing model a e likely o occu in
a simila way (i no iden ically) in many o he sma hing
models ha sha e he same TP. This is c ucial because he
key o success ul pla o m s a egies is o a ac hi d-pa y
endo s de eloping applica ions on he pla o m (Kim & Al -
mann, 2020). In his con ex , i does no ma e i ha dwa e,
so wa e, o a s anda d cons i u es he TP. We wan o poin
ou ha he e a e also o he models o quan i ying he isk
o impac o IT secu i y inciden s, e.g. he IoT Mic oMo
model (Radanlie e al., 2018). In con as , ou ocus lies
on he isk o exploi s o ulne abili ies ha a e co ela ed
h ough he join use o an IoT-speci ic TPs and an assess-
men o co esponding, po en ially widesp ead, implica ions
o secu i y and esilience. The e o e, we will now elabo a e
on he modeling o such isks in TPs, based on he concep s
o ulne abili ies and exploi s.
123
1476 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
3 Modeling Technology Pla o m Risks
in he IoT
To model TP isk in he IoT, we use a Be noulli mix u e
model, an es ablished app oach o model c edi de aul isk
in he inancial sec o (Bluhm e al., 2010; Giesecke, 2004;
Giesecke & Webe , 2004). To ou line he speci ics o IoT
TPs, we ollow he modeling p ocedu e o Kang e al. (2015)
and ans e i o IoT TPs. To unde s and he modeling p o-
cedu e, i is impo an o dis inguish be ween he ex-an e and
ex-pos p obabili y (o densi y) o an inciden , i.e., espec-
i ely, be o e any obse a ion and a e ha ing obse ed
a ce ain e en (Rausand e al., 2020) – in ou case, an
exploi . Pla o ms a e usually designed wi h ca e, and a pla -
o m p o ide can be assumed o no pu pose ully design
a ulne able pla o m. Howe e , ulne abili ies empi ically
canno be a oided en i ely. Fu he , some secu i y issues only
eme ge wi h new echnological de elopmen s. Fo ins ance,
ce ain c yp og aphic lib a ies can become insecu e because
an a acke ’s compu a ional powe can inc ease o an a acke
may ge access o a capable quan um compu e (Bha & Gi i,
2021). Thus, a ulne abili y o en only becomes appa en ex-
pos . Fo ins ance, when he BusyBox TP was i s designed
in 1995, he cu en ly p e ailing secu i y inciden s we e no
o eseeable, pa ly owing o he lack o echnical possibili-
ies a ha ime as well as he la e a ising use o he IoT.
Thus, ex-an e, a pla o m design may be assumed o be ee
o ulne abili ies, ye a e ha ing obse ed exploi s, ex-pos ,
ulne abili ies become appa en .
We will now ans e Kang e al.’s (2015) model o TP in
he IoT and con ibu e o he desc ip i e body o knowledge
by desc ibing TP use in he IoT as well as he associa ed
secu i y isks. Also, we de i e go e nance implica ions o
TPs in he IoT om his model. To no exceed his pape ’s
scope, we e e o Bluhm e al. (2010) o a mo e de ailed
o e iew o Be noulli mix u e models. We use he no a ions
in Table 1 o desc ibe he ma hema ical model.
We inhe i he ollowing assump ions om Kang e al.
(2015): Le Ii,kdeno e he andom a iable ep esen ing whe-
Table 1 Ma hema ical No a ions o Model TP Risks in he IoT
No a ion Desc ip ion
Numbe o models based on he TP
i∈{1, ..., }Index o a model wi hin he TP
miModel i
NiTo al numbe o deployed uni s o model i
pgVulne abili y p obabili y o he TP
giExploi p obabili y o model i
ρi,jCo ela ion coe icien be ween model iand j
YiNumbe o exploi ed uni s o model i
X=
i=1YiNumbe o exploi ed uni s o en i e TP
he o no uni kamong model iis exploi ed, whe e i∈
{1,..., }and k∈{1,...,Ni}.Le ideno e he andom a i-
able ep esen ing he exploi p obabili y o model i. Then:
A0: Fo each pai o uni s k1in model i1and k2in model
i2, he andom a iables Ii1,k1and Ii2,k2a e independen
and ollow Be noulli(i1)and Be noulli(i2), espec-
i ely, o bo h i1=i2and i1= i2(condi ional
independence).
A1: P(i1=gi1,
i2=gi2∨i1=0,
i2=0)=1
(pe ec co ela ion).
A2: i1and i2independen ly ake one o wo alues, gi
and0(independence).
Ou model can be hough o as desc ibing wo sequen-
ial inciden s. Ini ially, o ob ain a nonze o p obabili y o
exploi ed uni s o any model, a TP mus con ain a ulne a-
bili y.Subsequen ly,gi en ha heTPis ulne able,aspeci ic
exploi o his ulne abili y is possible o each model mi
based on he TP. Thus, a TP has a ulne abili y p obabili y
pg, and each model mihas an exploi p obabili y gi.Again,
in case a ulne abili y would ha e been known ex-an e, he
pla o m would ha e been designed di e en ly. In ou iew,
any IT- ela ed TP has a ulne abili y p obabili y pg>0
because pe ec secu i y by design is i ually impossible,
as s eady epo s on he mos ecen IT secu i y inciden s
emphasize. This is due o he hea y use o IT componen s,
hei ai ly sho li ecycles, complex sys em en i onmen s,
and economic incen i es o a acke s, o name jus a ew ea-
sons (Nicolescu e al., 2018). Fu he , exploi s in mos cases
equi e a conscious ac ion, implying knowledge o he ul-
ne abili y and he de elopmen o a sui able coun e a ack.
Bo h equi e ime and e o . Thus, a pe ec TP secu i y le el
is ha d o achie e, and pg>0. On he o he hand, mos ul-
ne abili ies can be ixed and a e ixed a e exploi s eme ge o
esponsible disclosu e occu s (A o a e al., 2010), i.e., be o e
a la ge numbe o uni s a e exploi ed. Thus, in ou iew, he
exploi p obabili y can gene ally be assumed o be small.
Vulne abili ies ha become public and emain un ixed o
a long ime a e p one o exploi s. In such cases, TPs in he
IoT bea he subsequen isk o cascading an exploi h ough
he ne wo k ha connec s indi idual de ices. Thus, he isk
o an exploi caused by a ulne able TP can be ampli ied
owing o he uni s’ connec i i y. A key ques ion is whe he
he con agion becomes an epidemic and sp eads apidly, o
whe he i dies ou . The h eshold be ween hese wo cases
is called he epidemic h eshold (P akash e al., 2012). The e
is e idence ha he epidemic h eshold can be e y low o
homogeneous ne wo ks (P akash e al., 2012). On he o he
hand, connec i i y also p o ides he possibili y o apidly
sp ead coun e measu es, e en be o e cascade e ec s occu .
The explici modeling o such cascades (wi h bo h posi i e
123
In o ma ion Sys ems F on ie s (2025) 27:1471–1490 1477
and nega i e e ec s) has been he subjec o esea ch in
o he disciplines (Buldy e e al., 2010; Wa s, 2002;Hel-
bing, 2013), and should also be subjec o u u e esea ch
in he IoT. Al hough we do no look in o cascade e ec s
in pa icula , we connec ou indings o he no ion o cas-
cade e ec s. Fo single uni s o each model, we dis inguish
he wo s a es exploi and no exploi , which can be modeled
as a Be noulli ial (Kang e al., 2015). Thus, he exploi
o a single uni is a andom e en occu ing wi h p oba-
bili y gi o model io he TP, gi en he ulne abili y in
he TP. Fo ins ance, conside he a o emen ioned BusyBox
as TP. Model m1could hen deno e he D-Link DCS-930L
Home Ne wo k Webcam, model m2 he D-Link DCS-932L
Home Ne wo k Webcam, and model m3 he TomTom GO 4
na iga ion sys em, since hey all a e based on BusyBox.
The exploi p obabili y gican a y o di e en models o
he same pla o m, i.e., i may be mo e likely o model
m1(D-Link DCS-930L webcam) o be exploi ed han o
model m2(D-Link DCS-932L webcam), o o model m3
(TomTom GO 4). Wi h his denomina ion, a isk measu e o
exploi so aTPisgi enby he ailp obabili y P(X>x)(see
Fig. 1), whe e X=
i=1Yi, and xis an a bi a y h esh-
old ha de e mines a la ge-scale exploi (Kang e al., 2015;
Fabozzi e al., 2007;Roy,1952). In o he wo ds, P(X>x)
deno es he p obabili y ha mo e han xuni s ac oss all mod-
els o a TP in he IoT a e exploi ed. Al hough we do no ocus
oncascadee ec s in his pape , conside ing xas he epidemic
h eshold is in iguing. Since mo e han xexploi ed uni s
will possibly lead o subsequen cascade e ec s ha sp ead
h ough he ne wo k, his s ongly ampli ies an exploi ’s
impac s. Fo ins ance, 3,000 D-Link DCS-930L webcams,
2,000 D-Link DCS-932L, and 5,000 TomTom GO 4 na i-
ga ion sys ems exploi ed add up o 10,000 exploi ed uni s o
heBusyBoxTP.I x=9,000, heepidemic h esholdwould
ha e been su passed, and cascade e ec s likely p opaga e he
Fig. 1 The Numbe o Exploi ed Uni s as a Measu e o Technology
Pla o m Risk
exploi h oughou he ne wo k. A low p obabili y o acing
many exploi ed uni s is desi able o all in ol ed pa ies, i.e.,
he TP supplie (e.g., BusyBox’s de elope s), manu ac u e s
using he TP (e.g., D-Link and TomTom), indi iduals using
he co esponding sma hing, as well as egula o s. Figu e 1
illus a es he denomina ions.
We use a binomial dis ibu ion o model he numbe o
exploi ed uni s o each model mi. Using he Be noulli mix-
u e app oach, we can calcula e he uncondi ional, ma ginal
dis ibu ion o Yibased on Kang e al. (2015):
P(Yi=x)=pgNi
xgx
i(1−gi)Ni−x.
Beyond assuming ha giis su icien ly small (see abo e),
we also assume ha he numbe o uni s o an IoT model
Niis la ge. To allow o be e compu abili y, we hus use
he Poisson app oxima ion o a Be noulli dis ibu ion and
de i e (1) (Kang e al., 2015):1
P(Yi=x)≈pg
(λi)x
x!e−λi,whe e λi=Ni·gi.(1)
F om (1), we ob ain he p obabili y ha he numbe o exp-
loi ed uni s Yi o model miequals x. Fo ins ance, we ob ain
he p obabili y ha x=3,000 uni s o he D-Link DCS-930L
webcam a e exploi ed. The o e all designs o wo models
can be qui e simila , o ins ance, o he D-Link DCS-930L
webcam (m1) and he D-Link DCS-932L webcam (m2). Fo
hese wo models, we assume a (high) co ela ion in case o
a TP ulne abili y because exploi s in one model may indi-
ca e he p esence o ulne abili ies o co esponding exploi s
in he o he . In con as , TomTom GO na iga ion sys ems
(m3) use he same BusyBox TP, bu he exploi s be ween
he na iga ion sys em and he webcams may only be weakly
co ela ed. A high numbe o webcams being exploi ed does
no necessa ily co ela e o a high numbe o na iga ion sys-
ems being exploi ed. Fu he , we in e p e wo unco ela ed
models as using indi idually designed (i.e., di e en ) TPs.
Thiswouldbeasi ua ioninwhich heD-Link DCS-930Land
D-Link DCS-932Lwebcams usesimila unc ionaluni s, bu
on di e en TPs, i.e., D-Link DCS-930L would use Busy-
Box, and D-Link DCS-932L would build on ano he en i ely
di e en TP.Wecanmodel heseco ela ionsin heBe noulli
mix u e model be ween andom a iables (Bluhm e al.,
2010), i.e., in ou case, we can model he co ela ion o di -
1No e ha he numbe o IoT de ices can be assumed o be e y
la ge. Howe e , o allow o a good app oxima ion o he unde lying
Be noulli model by he Poisson dis ibu ion, we keep λi=giNia
a easonable size. This does no a ec ou subsequen discussion o
go e nance implica ions o TP use in IoT because we ocus on gen-
e alizable insigh s o undamen ally di e en scena ios a he han on
speci ic numbe s.
123
1478 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
e en models mio a pla o m using a co ela ion coe icien
ρi,j.
We conside a TP wi h only wo models m1and m2in
he ollowing, and we se he exploi p obabili ies g1=g2.
This allows us o illus a e he basic connec ions be ween he
model pa ame e s. Since we ocus on de i ing go e nance
implica ions om ou model, we poin ou ha he assump-
ions do no es ic ou subsequen insigh s o a wo-model
si ua ion. A mo e gene al modeling o Be noulli mix u es
can, o ins ance, be ound in Bluhm e al. (2010). Following
Bluhm e al. (2010) and Kang e al. (2015), we ob ain h ee
cases ha depic di e en co ela ion le els: he wo models
can be pa ially co ela ed,pe ec ly co ela ed,o unco e-
la ed. To imp o e eadabili y, we se ˜ρ=pg+ρ1,2(1−pg).
Pa ially co ela ed (0 <ρ
1,2<1):
P(Xpa ially =x)=˜ρpg
(λ1+λ2)x
x!e−(λ1+λ2)
+pg(1−˜ρ)λx
1e−λ1+λx
2e−λ2
x!.(2)
F om his gene al o mula, we di ec ly ge he wo special
cases o pe ec ly co ela ed (ρ1,2=1, i.e., ˜ρ=1) and
unco ela ed models (ρ1,2=0, i.e., ˜ρ=pg):
Pe ec ly co ela ed (ρ1,2=1):
P(Xpe ec =x)=pg
(λ1+λ2)x
x!e−(λ1+λ2).(2a)
Unco ela ed (ρ1,2=0):
P(Xunco ela ed =x)=p2
g
(λ1+λ2)x
x!e−(λ1+λ2)
+pg(1−pg)λx
1e−λ1+λx
2e−λ2
x!.(2b)
Dis inguishing hese h ee cases allows us o discuss TP
go e nance choices mo e dis inc ly. We will now illus a e
he insigh s om ou TP isk model, looking in o he di e -
en inpu pa ame e s’ e ec s ega ding hei impac s on he
o e all isk o TPs in he IoT. We will u he ela e ou ind-
ings o cu en li e a u e and de i e go e nance implica ions
o he IoT.
4 Applica ion Scena io and Go e nance
Implica ions o he IoT
F om (2)–(2b), we conclude ha ou dis inc pa ame e s
impac he isk o exploi s o TPs in he IoT. An analysis
o hese pa ame e s hus allows o a de ailed discussion o
app op ia e IoT go e nance aspec s. We ou line how he co -
ela ion coe icien ρ1,2, he ulne abili y p obabili y pg, he
exploi p obabili y gi, and he model size Ni(and, hus, he
o e all pla o m size consis ing o all models), de e mine he
isk o la ge-scale exploi s in he IoT. We use he example o
BusyBox (ICS-CERT., 2022) o illus a e and analyze hese
pa ame e s’ impac s based on an applica ion example and
analy ical insigh s. We u he de i e and discuss implica-
ions o IoT secu i y go e nance as a i s esea ch s ep in
his di ec ion. In pa icula , we ou line how he use o TPs
a ec scon o mi yandnon-con o mi ycos s(Slaugh e e al.,
1998) and de i e implica ions o IoT secu i y go e nance.
We hus dis inguish be ween he indi idual,company, and
egula o y le els o IoT go e nance measu es. A he indi-
idual le el, we loca e he indi idual end-use ha makes use
o a sma hing buil on a speci ic TP. A he company le el,
we see bo h supplie s who de elop and dis ibu e TPs and
manu ac u e s ha make use o hese TPs when de eloping
hei sma hings. Finally, he egula o y le el in ol es poli-
cymake s, egula o s, and au ho i ies who a e esponsible o
se ing he ules o TPs use, de elopmen , and dis ibu ion
in he IoT.
4.1 Co ela ion, Homogenei y, and He e ogenei y
4.1.1 Applica ion Example and Model Implica ions
We ollow a wo-s ep app oach when analyzing and dis-
cussing ou model. Fi s , we p o ide an applica ion example
o illus a e he undamen al p ope ies and ou line he di e -
ences be ween co ela ed and unco ela ed TPs. No e ha he
expec ed numbe o exploi s is independen o he deg ee o
co ela ion and only depends on he o he pa ame e s. Sec-
ond, we look in o analy ical esul s o gain deepe insigh s
in o he model’s pa ame e s and a ious go e nance impli-
ca ions. We see ha a key ques ion is whe he o use a single
TP o mo e han one TP o di e en models, i.e., decid-
ing o homogenei y o o a speci ic he e ogenei y le el. As
ou lined, we model his by using di e en co ela ion le els.
We begin wi h an applica ion example, o which we
assume a ulne abili y p obabili y pg=10 %. We conside
womodelsm1andm2wi h N1=25,000and N2=25,000,
i.e., a pla o m size o 50,000 uni s, wi h exploi p obabili-
ies g1=g2=0.1%. We compa e h ee dis inc scena ios:
Scena io A (homogenei y) – model m1(D-Link DCS-930L)
and m2(D-Link DCS-932L) a e pe ec ly co ela ed since
hey bo h use he BusyBox TP. Scena io B (pa ially co e-
la ed) – model m1(D-Link DCS-930L) and m2(TomTom
GO na iga ion sys em) use he BusyBox TP bu enac in
a di e en en i onmen , such ha a pa ial co ela ion can
be assumed (we use ρ1,2=0.5 o his scena io). Scena io
C (he e ogenei y) – model m1(D-Link DCS-930L) and m2
123
In o ma ion Sys ems F on ie s (2025) 27:1471–1490 1485
non-con o mi y cos s o de i e go e nance implica ions o
TP use in he IoT. We ound ha companies should ca e ully
conside hei TP he e ogenei y le el since expe iencing a
leas one exploi is mo e likely o wo unco ela ed mod-
els (TPC I), whe eas la ge-scale exploi s a e mo e likely
o homogeneous TPs (TCP II). Vulne abili y p obabili y
is in luen ial since i di ec ly ansla es o an inc eased o
dec eased isk (TPC V). Fu he , o x→∞, he a io
be ween TP homogenei y and he e ogenei y depends on he
ulne abili y p obabili y (TPC III) alone, and homogeneous
TPs become iskie compa ed o he e ogeneous ones se ings
when dec easing he ulne abili y p obabili y (TPC IV). The
exploi p obabili y and model size mainly a ec la ge-scale
exploi s (TPC VI).
We also iden i ied se e al po en ial go e nance measu es
a he indi idual, company, and egula o y le els ela ing o
he TPCs. F om he indi idual pe spec i e, IoT TPs a e o en
no appa en , limi ing he po en ial go e nance measu es
o inc eased awa eness o secu i y, o ins ance, by ensu -
ing egula upda es. Supplie companies may limi he le el
o con o mi y cos s, ading i o po en ial non-con o mi y
cos s, pa ially owing o he absence o e ec i e egula ion,
since i has no inhe en alue un il a ( ela i ely unlikely)
exploi occu s. Since manu ac u e s can ha dly a oid using
TPs owing o hei unc ional and economic bene i s, hey
should es ablish good go e nance p ac ices such as s uc-
u ed TP selec ion, imely pa ches, o audi s. Thus, we a gue
o a delibe a e, s a egic decision-making p ocess by man-
u ac u e s on he in e aces and connec i i y le els o hei
sma hings (Thielmann, 2017), conside ing he app op i-
a e – o , a he , necessa y – pla o m secu i y le el. Ye , i is
ha d o engage in he IoT go e nance ield om companies’
pe spec i es i egula ion p o ides no e ec i e amewo k
o esponsibili ies o egula ion a e e en denied (Thiel-
mann, 2017). Thus, we see a need o inc eased collabo a ion
a he company and egula o y le els o ind an app op i-
a e balance be ween egula ion and open in e aces o IoT,
i.e., con o mi y and non-con o mi y cos s. This is especially
challenging conside ing he equi emen o in e na ional
egula ion amewo ks owing o he global na u e o he IoT
(Webe , 2010; Nicolescu e al., 2018). Combining ou model
in e p e a ion wi h he no ion o epidemic h esholds, we
Table 2 Technology Pla o m Cha ac e is ics and Secu i y-Rela ed Go e nance Measu es
TPC Desc ip ion Go e nance Implica ions
I-II I is mos likely o he unco ela ed case (scena io C – he -
e ogenei y) and leas likely o he pe ec ly co ela ed case
(scena io A – homogenei y) o expe ience an exploi a all,
i.e., an exploi in a leas one uni .
La ge-scale exploi s a e mos likely o he pe ec ly co e-
la ed case (scena io A – homogenei y) and leas likely o
he unco ela ed case (scena io C – he e ogenei y).
A heindi idual le el,i appea sla gelyimpossible oin lu-
ence he co ela ion o models.
Companies may ha e o make a s a egicdecision o esol e
ensions be ween model homogenei y and he e ogenei y.
Supplie s will ha e o iden i y how many models a e based
on hei TP.Manu ac u e s will aceacon inuumo choices.
A he egula o y le el, a decision may ha e o be made o
which ex en TP homogenei y and he e ogenei y would be
desi ed and en o ced.
III–V Fo x→∞, he ela ionship be ween scena ios A and C
solely depends on he ulne abili y p obabili y pg.
Fo x→∞, he lowe ing o ulne abili y p obabili y pg
makes he use o one TP ela i ely iskie compa ed o wo
unco ela ed TPs.
Aninc eased ulne abili yp obabili y di ec lyinc eases he
isk o la ge-scale exploi s o TPs in IoT.
A heindi idual le el,i appea sla gelyimpossible oin lu-
ence he co ela ion o models. Indi iduals should be awa e
o he TPs used and hei ulne abili ies.
Companies and egula o s may hus ha e o s ep in o p o-
ec end-use s.
Supplie s should be incen i ized o p o ide TPs wi h low
ulne abili y p obabili ies o manage he isks caused by
TPC V. They may also ely on he use o es ablished secu-
i y s anda ds, audi s, secu i y by design, and code es ing.
As manu ac u e s apply p e iously designed and supplied
TPs, hey ha e limi ed con ol o e ulne abili ies. Ne e -
heless, hey a e incen i ized o do hei bes when i comes
o he selec ion o TPs and he ela ed secu i y audi s.
A he egula o y le el, legal equi emen s and no ms could
be de eloped o a oid si ua ions in which companies aim o
achie e excessi e con o mi y cos sa ings a he expense o
highe le els o ulne abili y.
VI Inc easing he exploi p obabili y o he model size
inc eases he p obabili y P(X>x), especially o la ge-
scale exploi s (x>x).
Fo indi iduals and manu ac u e s, i is ad isable o keep
all sma hings egula ly upda ed. Mos o he esponsibil-
i y o limi exploi s lies wi h he TP supplie .
A he egula o y le el, legal equi emen s and s anda ds
could be o mula ed, pa icula ly in ela ion o c i ical
in as uc u es.
123

1486 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
emphasize he impac s esul ing om widesp ead IoT TP use
and po en ial cascade e ec s wi hin a highly in e connec ed
IoT. We summa ize he di e en po en ial go e nance mea-
su es ela ing o hei espec i e TPCs in Table 2.
Ou esea ch has se e al limi a ions, which may also s im-
ula e u he esea ch on IoT TPs in a leas i e key a eas.
Fi s , we ocus on gene ic TP isks, so ou go e nance impli-
ca ions equi e u he elabo a ion o speci ic applica ion
ields o geog aphical egions. Fu u e esea ch could ocus
on a de ailed IoT pla o m go e nance amewo k, aking
he cause-and-e ec - ela ionships om ou pape as a he-
o e ical ounda ion. Second, ou model o TP isks in he
IoT ep esen s only an abs ac image o complex eali-
ies, neglec ing addi ional in luencing ac o s. Fo ins ance,
we ha e simpli ied in e aces, connec i i y, model-speci ic
pla o m adap a ions, o in e - empo al ace s. This opens
p omising a enues conce ning he alida ion o ou insigh s
wi h ex ensi e eal-wo ld da ase s and making hem mo e
case-speci ic; o ins ance, assessing he se e i y o ulne a-
bili ies/exploi s and adjus ing coun e measu es acco dingly
(Ca usoglu e al., 2008). Thi d, we used a Poisson app ox-
ima ion o he binomial dis ibu ion, which limi s ou
model’s applicabili y; o he app oxima ions may allow o a
be e applicabili y o eal-wo ldnumbe s in u u e esea ch.
Fou h, he explici analysis o cascade e ec s in he IoT, o
which he Be noulli mix u e model and ou no ion o co -
ela ion may be oo simplis ic, should be subjec o u u e
esea ch. Fi h, ou illus a i e example ocuses on wo TPs
in he IoT. Fu u e esea ch could hus expand on he model
by including mo e han wo TPs and conduc sensi i i y anal-
yses o cases in which he Poisson app oxima ion does no
hold.
Whilei emains obe seenwhowill amesma hings and
p o e o be he so ce e in ‘IoT Fan asia’, we p o ide ini ial
e idence on p omising go e nance measu es. Thus, we con-
ibu e o he desc ip i e body o knowledge by desc ibing
TP use in he IoT as well as he associa ed isks. By ans-
e ing a isk quan i ica ion app oach om he au omo i e
indus y, we shed ligh on he implica ions on go e nance
choices ela ed o (non-) con o mi y on secu i y h ea s in
he IoT and he eby explo e “ he unde lying causal s uc u e
o he heo y” (c . Me edi h e al., 1989, p. 303). We ou line
which pa ame e s o TPs a ec he isks o TP use in he IoT,
using he case o BusyBox as an example. Fu he , we delin-
ea e p esc ip i e go e nance implica ions esul ing om he
pa ame e so TPsin heIoT.Thus,wehelp e eal he ele an
cause-and-e ec ela ionships ha indi iduals, companies,
and egula o s can inco po a e o sound isk assessmen s.
Acknowledgemen s This esea ch was unded in pa by he Luxem-
bou g Na ional Resea ch Fund (FNR) and PayPal, PEARL g an e e -
ence 13342933/Gilbe F idgen, as well as g an e e ence 16326754/
PABLO. Suppo ed by Banque e Caisse d’Épa gne de l’É a , Luxem-
bou g (Spue keess). Fo he pu pose o open access, and in ul illmen
o he obliga ions a ising om he g an ag eemen , he au ho s ha e
applied a C ea i e Commons A ibu ion 4.0 In e na ional (CC BY 4.0)
license o any Au ho Accep ed Manusc ip e sion a ising om his
submission.
Au ho Con ibu ions Ma in B ennecke: Concep ualiza ion, alida-
ion, da a cu a ion, w i ing – o iginal d a , w i ing – e iew and edi ing,
p ojec adminis a ion. Gilbe F idgen: Concep ualiza ion, esou ces,
w i ing – e iew and edi ing, supe ision, unding acquisi ion. Jan
Jöhnk: Concep ualiza ion, me hodology, alida ion, o mal analysis,
da a cu a ion, w i ing – o iginal d a , w i ing – e iew and edi ing,
isualiza ion, p ojec adminis a ion. S en Radszuwill: Concep ualiza-
ion, me hodology, alida ion, o mal analysis, da a cu a ion, w i ing –
o iginal d a , w i ing – e iew and edi ing, isualiza ion. Johannes
Sedlmei : Concep ualiza ion, alida ion, da a cu a ion, w i ing – o ig-
inal d a , w i ing – e iew and edi ing, supe ision.
Funding Open Access unding enabled and o ganized by P ojek
DEAL.
Open Access This a icle is licensed unde a C ea i e Commons
A ibu ion 4.0 In e na ional License, which pe mi s use, sha ing, adap-
a ion, dis ibu ion and ep oduc ion in any medium o o ma , as
long as you gi e app op ia e c edi o he o iginal au ho (s) and he
sou ce, p o ide a link o he C ea i e Commons licence, and indi-
ca e i changes we e made. The images o o he hi d pa y ma e ial
in his a icle a e included in he a icle’s C ea i e Commons licence,
unless indica ed o he wise in a c edi line o he ma e ial. I ma e ial
is no included in he a icle’s C ea i e Commons licence and you
in ended use is no pe mi ed by s a u o y egula ion o exceeds he
pe mi eduse,youwillneed oob ainpe missiondi ec ly om hecopy-
igh holde . To iew a copy o his licence, isi h p://c ea i ecomm
ons.o g/licenses/by/4.0/.
Re e ences
A e good, S. (2018). Go e nmen s wan you sma de ices o ha e
s upidsecu i y laws.Na u e, 560(7720), 550–551. h ps://doi.o g/
10.1038/d41586-018-06033-9
Almeida, V. A., Doneda, D., & Mon ei o, M. (2015). Go e nance Chal-
lenges o he In e ne o Things. IEEE In e ne Compu ing, 19(4),
56–59. h ps://doi.o g/10.1109/MIC.2015.86
Al e , S. (2019). Making sense o sma ness in he con ex o sma
de ices and sma sys ems. In o ma ion Sys ems F on ie s, 9(4),
381–393. h ps://doi.o g/10.1007/s10796-019-09919-9
A en z, S. (2005). Hacking Linux-powe ed de ices. Re ie ed Ma ch
25, 2024, om h p://bo h.nikhe .nl/e en s/CCC/cong ess/21c3/
pape s/136%20Hacking%20Linux-Powe ed%20De ices.pd
A nold, L., Jöhnk, J., Vog , F., & U bach, N. (2022). IIoT pla -
o ms’ a chi ec u al ea u es - a axonomy and i e p e alen
a che ypes. Elec onic Ma ke s, 32(2), 927–944. h ps://doi.o g/
10.1007/s12525-021-00520-0
A o a, A., K ishnan, R., Telang, R., & Yang, Y. (2010). An empi i-
cal analysis o so wa e endo s’ pa ch elease beha io : impac
o ulne abili y disclosu e. In o ma ion Sys ems Resea ch, 21(1),
115–132. h ps://doi.o g/10.1287/is e.1080.0226
A zo i, L., Ie a, A., & Mo abi o, G. (2010). The In e ne o Things: A
su ey. Compu e Ne wo ks, 54(15), 2787–2805. h ps://doi.o g/
10.1016/j.comne .2010.05.010
Axel od, C.W. (2015). En o cing secu i y, sa e y and p i acy o he
In e ne o Things.In:Long Island Sys ems, Applica ions and Tech-
nologyh ps://doi.o g/10.1109/LISAT.2015.7160214
123
In o ma ion Sys ems F on ie s (2025) 27:1471–1490 1487
Baldwin, C.Y., & Wooda d, C.J. (2008). The a chi ec u e o pla o ms:
a uni ied iew. Ha a d Business School Finance Wo king Pape ,
(09-034) h ps://doi.o g/10.2139/ss n.1265155
Bandyopadhyay, K., Myky yn, P. P., & Myky yn, K. (1999). A ame-
wo k o in eg a ed isk managemen in in o ma ion echnology.
Managemen Decision, 37(5), 437–445. h ps://doi.o g/10.1108/
00251749910274216
Bha , M.I., & Gi i, K.J. (2021). Impac o compu a ional powe on
c yp og aphy. In: K. J. Gi i, S. A. Pa ah, R. Bashi , & K. Muham-
mad(Eds.),Mul imediasecu i y:Algo i hmde elopmen ,analysis
and applica ions (pp. 45–88). h ps://doi.o g/10.1007/978-981-
15-8711-5_4
Biswas, B., Mukhopadhyay, A., Bha acha jee, S., Kuma , A., & Delen,
D. (2022). A ex -mining based cybe - isk assessmen and mi -
iga ion amewo k o c i ical analysis o online hacke o ums.
Decision Suppo Sys ems, 152, 113651. h ps://doi.o g/10.1016/
j.dss.2021.113651
Biswas, B., Mukhopadhyay, A., Kuma , A., & Delen, D. (2023).
A hyb id amewo k using explainable AI (XAI) in cybe - isk
managemen o de ence and eco e y agains phishing a acks.
Decision Suppo Sys ems., 177, 114102. h ps://doi.o g/10.1016/
j.dss.2023.114102
Bluhm,C.,O e beck,L.,& Wagne , C. (2010).An in oduc ion o c edi
isk modeling. Chapman
Bo gia, E. (2014). The In e ne o Things ision: Key ea u es, applica-
ions and open issues. Compu e Communica ions,54,. h ps://doi.
o g/10.1016/j.comcom.2014.09.008
Boulange , A. (2005). Open-sou ce e sus p op ie a y so wa e: Is one
mo e eliable and secu e han he o he ? IBM Sys ems Jou nal,
44(2), 239–248. h ps://doi.o g/10.1147/sj.442.0239
Buck, C., Olenbe ge , C., Schweize , A., Völ e , F., & Eymann, T.
(2021). Ne e us , always e i y: A mul i ocal li e a u e e iew
on cu en knowledge and esea ch gaps o ze o- us . Compu -
e s & Secu i y, 110, 102436. h ps://doi.o g/10.1016/j.cose.2021.
102436
Buldy e , S. V., Pa shani, R., Paul, G., S anley, H. E., & Ha lin,
S. (2010). Ca as ophic cascade o ailu es in in e depen-
den ne wo ks. Na u e, 464, 1025–1028. h ps://doi.o g/10.1038/
na u e08932
BusyBox. (2022). The swiss a my kni e o embedded Linux: P oduc s.
Re ie ed Ma ch 25, 2024, om h ps://www.busybox.ne /abou .
h ml
Ca usoglu, H., Ca usoglu, H., & Zhang, J. (2008). Secu i y pa ch man-
agemen : Sha e he bu den o sha e he damage? Managemen
Science, 54(4),657–670.h ps://doi.o g/10.1287/mnsc.1070.0794
CISA. (2021). S a emen om CISA Di ec o Eas e ly on Log4j
Vulne abili y. Re ie ed Ma ch 25, 2024, om h ps://www.cisa.
go /news-e en s/news/s a emen -cisa-di ec o -eas e ly-log4j-
ulne abili y
Chen, P.-Y., Ka a ia, G., & K ishnan, R. (2011). Co ela ed ailu es,
di e si ica ion, and in o ma ion secu i y isk managemen . MIS
Qua e ly, 35(2), 397–422. h ps://doi.o g/10.2307/23044049
Colwill, C. (2009). Human ac o s in in o ma ion secu i y: The inside
h ea - who can you us hese days? In o ma ion Secu i y Tech-
nical Repo , 14(4), 186–196. h ps://doi.o g/10.1016/j.is .2010.
04.004
COM/2022/454 inal. (2022). P oposal o a Di ec i e o he Eu o-
pean Pa liamen and o he Council on ho izon al cybe secu i y
equi emen s o p oduc s wi h digi al elemen s and amending
Regula ion (EU) 2019/1020 (Cybe Resilience Ac ). Re ie ed
Ma ch 25, 2024, om h ps://eu -lex.eu opa.eu/legal-con en /EN/
TXT/?u i=celex:52022PC0454
COM/2022/495 inal. (2022). P oposal o a Di ec i e o he Eu o-
pean Pa liamen and o he Council on liabili y o de ec i e
p oduc s (New P oduc Liabili y Di ec i e). Re ie ed Ma ch
25, 2024, om h ps://eu -lex.eu opa.eu/legal-con en /EN/TXT/?
u i=CELEX:52022PC0495
P elimina y pos inciden e iew (pi ): Con en con igu a ion upda e
impac ing he alcon senso and he windows ope a ing sys em
(bsod). Re ie ed July 24, 2024, om h ps://www.c owds ike.
com/ alcon-con en upda e- emedia ion-and-guidance-hub/
CVE-2016-2148. (2016) Heap-based bu e o e low in he DHCP
clien (udhcpc) in BusyBox be o e 1.25.0 allows emo e a acke s
o ha e unspeci ied impac ia ec o s in ol ing OPTION_6RD
pa sing. Re ie ed Ma ch 25, 2024, om h ps://www.c ede ails.
com/c e/CVE-2016-2148/
CVE-2018-1000517. (2018). BusyBox p ojec BusyBox wge e sion
p io o commi 8e... con ains a bu e o e low ulne abili y.
Re ie ed Ma ch 25, 2024, om h ps://www.c ede ails.com/c e/
CVE-2018-1000517/
CVE-2022-48174. (2022). The e is a s ack o e low ulne abili y in
ash.c:6030 in BusyBox be o e 1.35. Re ie ed Ma ch 25, 2024,
om h ps://www.c ede ails.com/c e/CVE-2022-48174/
Cybe secu i y & In as uc u e Secu i y Agency. (2024). Indus ial
Con ol Sys ems. Re ie ed Ma ch 25, 2024, om h ps://www.
cisa.go / opics/indus ial-con ol-sys ems
Cybe secu i yhelp. (2022). #U65004 OS command injec ion in
BusyBox. Re ie ed om h ps://www.cybe secu i y-help.cz/
ulne abili ies/65004/
Dailymail, (2016). Cybe a acks c ipple Twi e , Ne lix, o he web-
si es. Re ie ed Ma ch 25, 2024, om h p://www.dailymail.
co.uk/wi es/a p/a icle-3859624/Twi e -Spo i y-websi es-shu -
DDOS-a ack.h ml
Dibia, V., & Wagne , C. (2015). Success wi hin app dis ibu ion
pla o ms: he con ibu ion o app di e si y and app cohesi i y.
(4304–4313) h ps://doi.o g/10.1109/HICSS.2015.515
Di ec i e (EU) 2022/2555. (2022). Di ec i e (EU) 2022/2555 o he
Eu opean Pa liamen and o he Council o 14 Decembe 2022 on
measu es o a high common le el o cybe secu i y ac oss he
Union, amending Regula ion (EU) No 910/2014 and Di ec i e
(EU) 2018/1972, and epealing Di ec i e (EU) 2016/1148 (NIS
2 Di ec i e). Re ie ed Ma ch 25, 2024, om h p://da a.eu opa.
eu/eli/di /2022/2555/oj
Economides, N., & Ka samakas, E. (2006). Two-sided compe i ion o
p op ie a y s. open sou ce echnology pla o ms and he impli-
ca ions o he so wa e indus y. Managemen Science,52(7),
1057–1071 h ps://doi.o g/10.1287/mnsc.1060.0549
Eden, P., Bly h, A., Jones, K., Soulsby, H., Bu nap, P., Che dan se a, Y.,
& S odda , K. (2017). SCADA Sys em Fo ensic Analysis Wi hin
IIoT. In: Ad anced Manu ac u ing, Cybe secu i y o Indus y 4.0:
Analysis o Design and Manu ac u ing (pp. 73–101). Sp inge .
El ayeb, M.A. (2017). In e ne o Things: P i acy and secu i y implica-
ions. In e na ional Jou nal o Hype connec i i y and he In e ne
o Things,1(1), h ps://doi.o g/10.4018/IJHIoT.2017010101
Fabe , B., & Gün he , O. (2007). Dis ibu ed ONS and i s impac
on p i acy. IEEE In e na ional Con e ence on Communica ions,
(1223–1228) h ps://doi.o g/10.1109/ICC.2007.207
Fabozzi, F. J., Kolm, P. N., Pachamano a, D. A., & Foca di, S. M.
(2007). Robus po olio op imiza ion and managemen . John
Wiley.
Facin, A. L. F., de Vasconcelos Gomes, L. A., de Mesqui a Spinola,
M., & Sale no, M. S. (2016). The e olu ion o he pla o m
concep : a sys ema ic e iew. IEEE T ansac ions on Enginee -
ing Managemen , 63(4), 475–488. h ps://doi.o g/10.1109/TEM.
2016.2593604
Fede al T ade Commission. (2017). FTC cha ges D-Link pu con-
sume s’ p i acy a isk due o he inadequa e secu i y o i s
compu e ou e s and came as: De ice-make ’s alleged ailu es
o easonably secu e so wa e c ea ed malwa e isks and o he
ulne abili ies. Re ie ed Ma ch 25, 2024, om h ps://www.
c.go /news-e en s/news/p ess- eleases/2017/01/ c-cha ges-
123
1488 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
d-link-pu -consume s-p i acy- isk-due-inadequa e-secu i y-i s-
compu e - ou e s-came as
Fichman, R. G. (2014). Real op ions and IT pla o m adop ion: implica-
ions o heo y andp ac ice.In o ma ion Sys ems Resea ch, 15(2),
132–154. h ps://doi.o g/10.1287/is e.1040.0021
Financial Times (2024). Companies a ound he wo ld hi by Mic oso
ou age. Re ie ed July 19, 2024, omh ps://www. .com/con en /
ba9b61d-e c -4348-b640-ccb1 9d18ced
F ank, M., Jaege , L., & Ran , L. M. (2022). Con ex ual d i e s o
employees’ phishing suscep ibili y: Insigh s om a ield s udy.
Decision Suppo Sys ems, 160, 113818. h ps://doi.o g/10.1016/
j.dss.2022.113818
Gawe ,A.(2014).B idging di e ingpe spec i eson echnologicalpla -
o ms: owa d an in eg a i e amewo k. Resea ch Policy, 43(7),
1239–1249. h ps://doi.o g/10.1016/j. espol.2014.03.006
Gepp, M., Foeh , M., & Vollma , J. (2016). S anda diza ion, modula -
iza ion and pla o m app oaches in he enginee - o-o de business
– e iew and ou look. In: P oceedings o he Annual IEEE Sys ems
Con e ence. h ps://doi.o g/10.1109/SYSCON.2016.7490549
Giesecke, K. (2004). C edi isk modeling and alua ion: an in oduc-
ion. C edi Risk: Models and Managemen ,2,. h ps://doi.o g/10.
2139/ss n.479323
Giesecke, K., & Webe , S. (2004). Cyclical co ela ions, c edi con a-
gion,andpo oliolosses.Jou nal o Banking and Finance, 28(12),
3009–3036. h ps://doi.o g/10.1016/j.jbank in.2003.11.002
Hampson, M. (2019) IoT secu i y isks: d ones, ib a o s, and
kids’ oys a e s ill ulne able o hacking. Re ie ed Ma ch 25,
2024, om h ps://spec um.ieee.o g/io -secu i y- isks-d ones-
ib a o s-io -de ices-kids- oys- ulne able- o-hacking
Ha wich, E., Riege , A., Sedlmei , J., Ju ek, D., & F idgen, G. (2023).
Machine economies. Elec onic Ma ke s,33,. h ps://doi.o g/10.
1007/s12525-023-00649-0
Helbing, D. (2013). Globally ne wo ked isks and how o espond.
Na u e, 497(7447), 51–59. h ps://doi.o g/10.1038/na u e12047
Howa d, J.D., & Longs a , T.A. (1998). A common language o com-
pu e secu i y inciden s. Sandia Na ional Labo a o ies
Hube , R.X.R., Lockl, J., Röglinge , M., & Weidlich, R., (2024). The
Concep o a Sma Ac ion–Resul s om Analyzing In o ma ion
Sys ems Li e a u e. Communica ions o he Associa ion o In o -
ma ion Sys ems,54(1), 6 h ps://doi.o g/10.17705/1CAIS.05408
ICS-CERT. (2018a). ICSA-15-260-01: Ha man-Ka don Uconnec ul-
ne abili y. Re ie ed Ma ch 25, 2024, om h ps://ics-ce .us-ce .
go /ad iso ies/ICSA-15-260-01
ICS-CERT. (2018b). ICSA-17-208-01: Con inen al AG In ineon S-
Gold 2 (PMB 8876). Re ie ed Ma ch 25, 2024, om h ps://ics-
ce .us-ce .go /ad iso ies/ICSA-17-208-01
ISO/SAE 21434:2021. (2021). Road ehicles: Cybe secu i y enginee -
ing s anda d o he In e na ional O ganiza ion o S anda diza ion.
Re ie ed Ma ch 25, 2024, h ps://www.iso.o g/s anda d/70918.
h ml
Kang, C. M., Hong, Y. S., Huh, W. T., & Kang, W. (2015). Risk p opa-
ga ion h ough a pla o m: he ailu e isk pe spec i e on pla o m
sha ing. IEEE T ansac ions on Enginee ing Managemen , 62(3),
372–383. h ps://doi.o g/10.1109/TEM.2015.2427844
Ka ale, A. (2021). The Challenges o IoT Add essing Secu i y, E hics,
P i acy, and Laws. In e ne o Things,15,. h ps://doi.o g/10.1016/
j.io .2021.100420
Keoh, S. L., Kuma , S. S., & Tscho enig, H. (2014). Secu ing he
In e ne o Things: A s anda diza ion pe spec i e. IEEE In e ne
o Things Jou nal, 1(3), 265–275. h ps://doi.o g/10.1109/JIOT.
2014.2323395
Kim, K., & Al mann, J. (2020). Pla o m p o ide oles in inno a ion
in so wa e se ice ecosys ems. IEEE T ansac ions on Enginee -
ing Managemen , 69(4), 930–939. h ps://doi.o g/10.1109/TEM.
2019.2949023
Koche , P., Ho n, J., Fogh, A., Genkin, D., G uss, D., Haas, W.,...,
Ya om, Y. (2018). Spec e a acks: Exploi ing specula i e execu-
ion. Re ie ed Ma ch 25, 2024, h ps://spec ea ack.com/spec e.
pd
Kim, D.-h., Lee, H., Kwak, J. (2017). S anda ds as a d i ing o ce ha
in luences eme ging echnological ajec o ies in he con e ging
wo ld o he in e ne and hings: An in es iga ion o he M2M/IoT
pa en ne wo k. Resea ch Policy, 46(7), 1234–1254. h ps://doi.
o g/10.1016/j. espol.2017.05.008
Lee, C. H., Geng, X., & Raghuna han, S. (2016). Manda o y s anda ds
and o ganiza ional in o ma ion secu i y. In o ma ion Sys ems
Resea ch., 27(1), 70–86. h ps://doi.o g/10.1287/is e.2015.0607
Lemos, R. (2024). SAST, DAST, IAST, and RASP: P os, cons and how
o choose. Techbeacon. Re ie ed Ma ch 25, 2024, om h ps://
echbeacon.com/sas -das -ias - asp-p os-cons-how-choose
Li, S., Xu, L. D., & Zhao, S. (2015). The In e ne o Things: A su ey.
In o ma ion Sys ems F on ie s, 17(2),243–259.h ps://doi.o g/10.
1007/s10796-014-9492-7
Lins, M., May ho e , R., Roland, M., Ho e , D., & Schwaigho e , M.
(2024). On he c i ical pa h o implan backdoo s and he e ec-
i eness o po en ial mi iga ion echniques: Ea ly lea nings om
xz. h ps://doi.o g/10.48550/a Xi .2404 08987
Lin on, M., & Pa seghian, P. (2018). Today’s CPU ulne -
abili y: Wha you need o know. Re ie ed Ma ch 25,
2024, om h ps://secu i y.googleblog.com/2018/01/ odays-cpu-
ulne abili y-wha -you-need.h ml
Lipp, M., Schwa z, M., G uss, D., P esche , T., Haas, W., Fogh, A., ...,
Hambu g, M. (2018). Mel down. Re ie ed Ma ch 25, 2024, om
h ps://mel downa ack.com/mel down.pd
Medei os, J. (2017). WannaC y laid ba e he NHS’ ou da ed IT
ne wo k – and i ’s s ill causing p oblems: The e ec s o he Wan-
naC y a ack a e s ill being el a NHS hospi als. Re ie ed July
25, 2024, om h p://www.wi ed.co.uk/a icle/nhs-cybe a ack-
i - ansomwa e
Meneghello, F., Calo e, M., Zucche o, D., Polese, M., & Zanella, A.
(2019). IoT: In e ne o h ea s? A su ey o p ac ical secu i y
ulne abili iesin ealIoTde ices.IEEE In e ne o Things Jou nal,
6(5), 8182–8201. h ps://doi.o g/10.1109/JIOT.2019.2935189
Me edi h, J. R., Ra u i, A., Amoako-Gympah, K., & Kaplan, B. (1989).
Al e na i e esea ch pa adigms in ope a ions. Jou nal o Ope a-
ions Managemen , 8(4), 297–326. h ps://doi.o g/10.1016/0272-
6963(89)90033-8
Mic oso Th ea In elligence. (2021). Guidance o p e en ing, de ec -
ing, and hun ing o exploi a ion o he Log4j 2 ulne abili y.
Re ie ed Ma ch 25, 2024, om h ps://www.mic oso .com/en-
us/secu i y/blog/2021/12/11/guidance- o -p e en ing-de ec ing-
and-hun ing- o -c e-2021-44228-log4j-2-exploi a ion/#a acks
Mille , B., & Rowe, D. (2012). A su ey SCADA o and c i ical
in as uc u e inciden s. 1s Annual Con e ence on Resea ch in
In o ma ion Technology, 51–56 h ps://doi.o g/10.1145/2380790.
2380805
Minis y o In e nal A ai s and Communica ions, Na ional Ins i u e
o In o ma ion and Communica ions Technology. (2019). The
“NOTICE” p ojec o su ey IoT de ices and o ale use s.
Re ie ed Ma ch 25, 2024, om h ps://www.nic .go.jp/en/p ess/
2019/02/01-1.h ml
Mohamad Noo , M., & Haslina Hassan, W. (2019). Cu en esea ch on
In e ne o Things (IoT) secu i y: a su ey. Compu e Ne wo ks,
148(15), 283–294. h ps://doi.o g/10.1016/j.comne .2018.11.025
Ne ille-Neil, G. V. (2017). IoT: The In e ne o Te o . Communica ions
o he ACM, 60(10), 46–37. h ps://doi.o g/10.1145/3132728
Nicolescu, R., Hu h, M., Radanlie , P., & Rou e, D. D. (2018). Mapping
he alues o IoT. Jou nal o In o ma ion Technology, 33(4), 345–
360. h ps://doi.o g/10.1057/s41265-018-0054-1
123
In o ma ion Sys ems F on ie s (2025) 27:1471–1490 1489
Po ch, C., Timb ell, G., & Rosemann, M. (2015). Pla o ms: a sys em-
a ic e iew o he li e a u e using algo i hmic his og aphy. h ps://
doi.o g/10.18151/7217443
P akash, B. A., Chak aba i, D., Valle , N. C., Falou sos, M., & Falou -
sos, C. (2012). Th eshold condi ions o a bi a y cascade models
ona bi a y ne wo ks.Knowledge and In o ma ion Sys ems, 33(3),
549–575. h ps://doi.o g/10.1007/s10115-012-0520-y
Püschel, L., Schlo , H., & Röglinge , M. (2016). Wha ’s in a sma
hing? De elopmen o a mul i-laye axonomy. P oceedings
o he 37 h In e na ional Con e ence on In o ma ion Sys ems.
Re ie ed Ma ch 25, 2024, om h ps://aisel.aisne .o g/icis2016/
Digi alInno a ion/P esen a ions/6
Radanlie , P., Rou e, D. C. D., Nicolescu, R., Hu h, M., Mon al o, R.
M., Cannady, S., & Bu nap, P. (2018). Fu u e de elopmen s in
cybe isk assessmen o he In e ne o Things. Compu e s in
Indus y, 102, 14–22. h ps://doi.o g/10.1016/j.compind.2018.08.
002
Raine , R. K., J ., Snyde , C. A., & Ca , H. H. (1991). Risk analysis
o in o ma ion echnology. Jou nal o Managemen In o ma ion
Sys ems, 8(1), 129–147. h ps://doi.o g/10.1080/07421222.1991.
11517914
Ransbo ham, S., Fichman, R. G., Gopal, R., & Gup a, A. (2016). Spe-
cial sec ion in oduc ion - ubiqui ous IT and digi al ulne abili ies.
In o ma ion Sys em Resea ch, 27(4), 834–847. h ps://doi.o g/10.
1287/is e.2016.0683
Rausand,M.,Ba os,A.,&Hoyland,A.(2020).Sys emReliabili yThe-
o y: Models, S a is ical Me hods, and Applica ions. John Wiley &
Sons. h ps://doi.o g/10.1002/9781119373940
Regula ion (EU) 2016/679. (2016). Regula ion (EU) 2016/679 o he
Eu opean Pa liamen and o he Council o 27 Ap il 2016 on
he p o ec ion o na u al pe sons wi h ega d o he p ocessing
o pe sonal da a and on he ee mo emen o such da a, and
epealing Di ec i e 95/46/EC (Gene al Da a P o ec ion Regula-
ion). Re ie ed Ma ch 25, 2024, om h p://da a.eu opa.eu/eli/
eg/2016/679/oj
Regula ion (EU) 2018/858. (2018). Regula ion (EU) 2018/858 o
he Eu opean Pa liamen and o he Council o 30 May 2018
on he app o al and ma ke su eillance o mo o ehicles and
hei aile s, and o sys ems, componen s and sepa a e echni-
cal uni s in ended o such ehicles, amending Regula ions (EC)
No 715/2007 and (EC) No 595/2009 and epealing Di ec i e
2007/46/EC. Re ie ed Ma ch 25, 2024, om h p://da a.eu opa.
eu/eli/ eg/2018/858/oj
Regula ion (EU) 2019/2144. (2019). Regula ion (EU) 2019/2144 o he
Eu opean Pa liamen and o he Council o 27 No embe 2019 on
ype-app o al equi emen s o mo o ehicles and hei aile s,
and sys ems, componen s and sepa a e echnical uni s in ended o
such ehicles, as ega ds hei gene al sa e y and he p o ec ion o
ehicle occupan s and ulne able oad use s, amending Regula ion
(EU) 2018/858 o he Eu opean Pa liamen and o he Council
and epealing Regula ions (EC) No 78/2009, (EC) No 79/2009
and (EC) No 661/2009 o he Eu opean Pa liamen and o he
Council and Commission Regula ions (EC) No 631/2009, (EU)
No 406/2010, (EU) No 672/2010, (EU) No 1003/2010, (EU) No
1005/2010, (EU) No 1008/2010, (EU) No 1009/2010, (EU) No
19/2011,(EU)No109/2011,(EU)No458/2011,(EU)No65/2012,
(EU) No 130/2012, (EU) No 347/2012, (EU) No 351/2012, (EU)
No 1230/2012 and (EU) 2015/166. Re ie ed Ma ch 25, 2024,
om h p://da a.eu opa.eu/eli/ eg/2019/2144/oj
Riege ,A., Thumme ,R., F idgen,G., Kahlen, M.,& Ke e ,W. (2016).
Es ima ing he bene i s o coope a ion in a esiden ial mic og id:
A da a-d i en app oach. Applied Ene gy, 180, 130–141. h ps://
doi.o g/10.1016/j.apene gy.2016.07.105
Ronen, E., O’Flynn, C., Shami , A., & Weinga en, A.O. (2016). IoT
goes nuclea : c ea ing a ZigBee chain eac ion. Re ie ed Ma ch
25, 2024, om h ps://ep in .iac .o g/2016/1047.pd
Roy, A. D. (1952). Sa e y i s and he holding o asse s. Econome ica,
20(3), 431. h ps://doi.o g/10.2307/1907413
Sadeghi, A.R., Wachsmann, C., & Waidne , M. (2015). Secu i y and
p i acy challenges in indus ial In e ne o Things. P oceedings o
he 52nd Annual Design Au oma ion Con e ence.h ps://doi.o g/
10.1145/2744769.2747942
Sica i, S., Cappiello, C., Pelleg ini, F. D., Mio andi, D., & Coen-
Po isini, A. (2016). A secu i y-and quali y-awa e sys em a chi ec-
u e o In e ne o Things. In o ma ion Sys ems Resea ch, 18(4),
665–677. h ps://doi.o g/10.1007/s10796-014-9538-x
Siponen, M. T., & Oinas-Kukkonen, H. (2007). A e iew o in o ma ion
secu i y issues and espec i e esea ch con ibu ions. ACM SIG-
MIS Da abase, 38(1), 60–80. h ps://doi.o g/10.1145/1216218.
1216224
Slaugh e , S. A., Ha e , D. E., & K ishnan, M. S. (1998). E alua ing
he cos o so wa e quali y. Communica ions o he ACM, 41(8),
67–73. h ps://doi.o g/10.1145/280324.280335
Sma og L d. (2012). Open sou ce e ms. Re ie ed Ma ch 25, 2024,
om h ps://www.sma og.com/en-us/open-sou ce- e ms
Syed, R. (2020). Cybe secu i y ulne abili y managemen : A concep-
ual on ology and cybe in elligence ale sys em. In o ma ion &
Managemen , 57(6), 103334. h ps://doi.o g/10.1016/j.im.2020.
103334
Temizkan, O., Pa k, S., & Saydam, C. (2017). So wa e di e si y o
imp o edne wo ksecu i y:Op imaldis ibu iono so wa e-based
sha ed ulne abili ies. In o ma ion Sys ems Resea ch, 28(4), 828–
849. h ps://doi.o g/10.1287/is e.2017.0722
Thielmann, S. (2017). Ac ing ede al ade commission head:
In e ne o Things should sel - egula e. Re ie ed Ma ch 25,
2024, om h ps://www. hegua dian.com/ echnology/2017/ma /
14/ ede al- ade-commission-in e ne - hings- egula ion
Thomas, L. D. W., Au io, E., & Gann, D. M. (2014). A chi ec u al
le e age: Pu ing pla o ms in con ex . Academy o Managemen
Pe spec i es, 28(2), 198–219. h ps://doi.o g/10.5465/amp.2011.
0105
TomTom, T. (2005). Open sou ce so wa e: TomTom GO 4.
Re ie ed Ma ch 25, 2024, om h ps://www. om om.com/de_a /
opensou ce/go- e sion-4
T a is, G. (2019). How he Boeing 737 Max disas e looks o a
so wa e de elope . IEEE Spec um,18. Re ie ed om h ps://
spec um.ieee.o g/how- he-boeing-737-max-disas e -looks- o-
a-so wa e-de elope
Ve mesan, O., & F iess, P. (Eds.) (2022). Digi ising he indus y In e -
ne o Things connec ing he physical, digi al and Vi ualWo lds.
Taylo & F ancis
Violino, B. (2017). FTC s D-Link: The legal isks o IoT
insecu i y: Vulne abili ies in connec ed de ices spell po en-
ial ouble o p oduc manu ac u e s. Re ie ed Ma ch
25, 2024, om h ps://www.zdne .com/a icle/ c- s-d-link- he-
legal- isks-o -io -insecu i y/
Vec a AI Secu i y Resea ch Team. (2016). How a webcam Can Be
exploi ed as a backdoo , 2024-07-25. h ps://www. ec a.ai/blog/
u ning-a-webcam-in o-a-backdoo
on Solms, R., & an Nieke k, J. (2013). F om in o ma ion secu i y o
cybe secu i y. Compu e s & Secu i y, 38, 97–102. h ps://doi.o g/
10.1016/j.cose.2013.04.004
Waldo, J. (2002). Vi ual o ganiza ions, pe asi e compu ing, and an
in as uc u e o ne wo king a he edge. In o ma ion Sys ems
F on ie s, 4(1), 9–18. h ps://doi.o g/10.1023/A:1015322219248
Wal e s, R., & Jo dan, J. (2016). US mus emain igilan o coun e
cybe a acks. Re ie ed Ma ch 25, 2024, om h p://dailysignal.
com/2016/10/26/how-a-cybe a ack- ook-down- wi e -ne lix-
and- he-new-yo k- imes/
Wang, H., He, H., Zhang, W., Liu, W., Liu, P., & Ja adpou , A. (2022).
Using honeypo s o model bo ne a acks on he In e ne o Medi-
123
1490 In o ma ion Sys ems F on ie s (2025) 27:1471–1490
cal Things. Compu e s and Elec ical Enginee ing, 102, 108212.
h ps://doi.o g/10.1016/j.compeleceng.2022.108212
Wa s, D.J. (2002). In A simple model o global cascades on an-
dom ne wo ks (Vol. 99, 5766–5771). h ps://doi.o g/10.1073/pnas.
082090499
Webe , R. H. (2010). In e ne o Things - new secu i y and p i acy chal-
lenges. Compu e Law & Secu i y Re iew, 26(1), 23–30. h ps://
doi.o g/10.1016/j.cls .2009.11.008
Webe , R. H. (2013). In e ne o Things - go e nance quo adis? Com-
pu e Law & Secu i y Re iew, 29(4), 341–347. h ps://doi.o g/10.
1016/j.cls .2013.05.010
Weigl, L., Ba be ea, T., Sedlmei , J., & Za olokina, L. (2023). Medi-
a ing he ension be ween da a sha ing and p i acy: The case o
DMA and GDPR. In: P oceedings o he 31s Eu opean Con e -
ence on In o ma ion Sys ems, AIS. Re ie ed om h ps://aisel.
aisne .o g/ecis2023_ ip/49/
Wes , J. (2003). How open is open enough? Melding p op ie a y and
open sou ce pla o m s a egies. Resea ch Policy, 32(7), 1259–
1285. h ps://doi.o g/10.1016/S0048-7333(03)00052-0
Whi mo e, A., Aga wal, A., & Xu, L. D. (2015). The In e ne o Things
- a su ey o opics and ends. In o ma ion Sys ems F on ie s,
17(2), 261–274. h ps://doi.o g/10.1007/s10796-014-9489-2
Yoo, Y. (2010). Compu ing in e e y day li e: A call o esea ch on
expe ien ial compu ing. MIS Qua e ly, 34(2), 213–231. h ps://
doi.o g/10.2307/20721425
Yoo, Y., J ., R. J. B., Lyy inen, K., & Majch zak, A. (2012). O ganizing
o inno a ion in he digi ized wo ld. O ganiza ion Science, 23(5),
1398–1408. h ps://doi.o g/10.1287/o sc.1120.0771
Yo k, D. (2018). Mel down and Spec e: Why we need igilance,
upg adeabili y, and collabo a i e secu i y. Re ie ed Ma ch
25, 2024, om h ps://www.in e ne socie y.o g/blog/2018/01/
mel down-spec e-need- igilance-upg adeabili y-collabo a i e-
secu i y/
Zhou,W., Jia, Y., Peng, A.,Zhang, Y., &Liu, P. (2019). Thee ec o IoT
new ea u es on secu i y and p i acy: new h ea s, exis ing solu-
ions, and challenges ye o be sol ed. In e ne o Things Jou nal,
6(2), 1606–1616. h ps://doi.o g/10.1109/JIOT.2018.2847733
Publishe ’s No e Sp inge Na u e emains neu al wi h ega d o ju is-
dic ional claims in published maps and ins i u ional a ilia ions.
Ma in B ennecke is a doc o al esea che a he In e disciplina y
Cen e o Secu i y, Reliabili y and T us (SnT), Uni e si y o Lux-
embou g. In his esea ch, he in es iga es he impac o digi al in as-
uc u e decen aliza ion on indi iduals, o ganiza ions, and socie y. He
holds a mas e ’s deg ee in in e na ional economics and go e nance, as
well as a bachelo ’s deg ee in philosophy and economics.
Gilbe F idgen is a ull p o esso and PayPal FNR PEARL Chai in
Digi al Financial Se ices a he In e disciplina y Cen e o Secu i y,
Reliabili y and T us (SnT), Uni e si y o Luxembou g, and coo di-
na o o he Na ional Cen e o Excellence in Resea ch on Finan-
cial Technologies (NCER-FT). In his esea ch, he analyzes he ans-
o ma i e e ec s o digi al echnologies on indi idual o ganiza ions
and on he ela ionship be ween o ganiza ions. He add esses espe-
cially eme ging echnologies like dis ibu ed ledge s, digi al iden i ies,
machine lea ning, and he in e ne o hings.
Jan Jöhnk is a p oduc owne a he comme cial insu ance company
HDI Global SE in Hano e , Ge many, and an a ilia ed esea che a
he FIM Resea ch Ins i u e o In o ma ion Managemen . He ecei ed
his doc o a e in In o ma ion Sys ems and S a egic IT Managemen
om he Uni e si y o Bay eu h and isi ed he Depa men o Dig-
i aliza ion a Copenhagen Business School o a esea ch s ay. In his
esea ch, Jan is especially in e es ed in ques ions o digi al ans o ma-
ion a he in e ace o IT o ganiza ion, IT managemen , and eme ging
echnologies.
S en Radszuwill is a depa men head o new p oduc s and se ices a
a heal h- ech so wa e company, o me esea che a he Uni e si y o
Bay eu h and F aunho e FIT in he a ea o digi al ne wo ks, p ojec
managemen , and dis ibu ed ledge echnologies.
Johannes Sedlmei is a pos doc o al esea che a he In e disciplina y
Cen e o Secu i y, Reliabili y and T us (SnT), Uni e si y o Lux-
embou g. In his esea ch, he ocuses on he e ec i e use o eme ging
digi al echnologies in o ganiza ions by designing and e alua ing inno-
a i e IT a i ac s based on, e.g., dis ibu ed ledge s, digi al iden i y
a es a ions, and ze o-knowledge p oo s.
123