
Over recent years, AI and machine learning advancements have transformed our lives by enabling enhanced performance, adaptation and personalization.

At the same time, the Internet of Things (IoT) has been at the forefront of a transformation allowing novel capabilities, such as real-time monitoring, situational awareness and intelligence, as well as the remote control of devices.

This is happening everywhere around us, from our smartphones to the smart TVs and other devices in our homes, to the wearable devices that monitor our health and even the smart meters that promise a more sustainable grid.

Devices that are capable of sensing their surrounding environments are becoming far more prominent, with the ability to record audio and images, communicate and then use this data to make or suggest decisions, or even take action, in some cases in a completely autonomous way.

However, can these technologies be reliably and safely deployed for the control of safety-critical systems such as the power grid, transportation networks, intelligent buildings and healthcare IoT devices? What happens if the information they use is not reliable? This can occur for a number of reasons, including sensor faults, communication problems, human errors or cyber-attacks.

The Disappearing Cyber-Physical Boundary

As connected technologies take on more critical functions – from managing power grids and hospitals to transport networks and industrial sites – the boundary between cyber and physical risk is disappearing.

One flaw in an IoT device or an AI-driven control system can now have real-world consequences. It is therefore vitally important to address vulnerabilities in AI-based and IoT systems, considering every phase of these systems, from the design stage through to real-time operation, including data acquisition, communication and processing.

This is particularly important in the context of energy systems and infrastructure. McKinsey Global Institute has estimated the economic impact of IoT for energy and power systems in 2025 to be in the range of $200bn to $500bn. The sector is seeking to transform existing electric and energy systems into intelligent cyber-enabled ones, which are efficient, resilient and sustainable.

The role of IoT is to provide a sustainable solution to dynamic energy management by maximizing revenue generation, minimizing energy costs and reducing carbon emissions. IoT is empowering energy systems by providing situational awareness, monitoring and distributing control of renewable energy.

As an example, smart meters and smart chargers for Electric Vehicles (EVs) allow us to make informed decisions when it comes to the best time to use our appliances and purchase electricity, in order to reduce our costs. They also support operators and energy providers to plan and optimize the control of the grid, by reducing uncertainty in demand and renewable generation. This is key to boosting net zero targets.

The promises of smart meters, EVs and smart buildings all rely on having access to a large quantity of data, which has been made possible thanks to the advancements and affordability of sensing and communication technologies.

Yet there is a very real risk should an attacker compromise or modify the communicated sensor data and gain control of connected energy devices. Cyber threat actors could potentially modify sensors or meter readings to provide an economic advantage or disadvantage to operators and their customers. They could even take control of a large number of devices simultaneously in order to destabilize the power grid, causing blackouts.

This is no longer a remote possibility as the energy sector has become a primary target for cyber-attacks. Indeed, there has been a notable change in the use of cyber-attacks to cause physical consequences.

This was seen in incidents including the disruption of power distribution in Ukraine in 2015, 2016 and 2022. The number of reported attacks in recent years is also continuing to increase, especially in the building, automation and energy sectors, where attacks had the potential to result in injuries or even loss of life.

The manufacturing sector is not immune either, as evidenced by the 2014 German steel plant attack, which caused the improper shutdown of a blast furnace.

Building in System Resiliency

IoT security vulnerabilities present significant issues that could affect the safety and reliability of the systems where the devices are operating. It is vital to clearly identify vulnerabilities in IoT systems starting from the design stage, rather than having to retrofit.

In order to make full use of the technology and mitigate the associated risks, we must first understand novel potential security and safety risks. It is then essential to define novel strategies to make our systems resilient.

A holistic approach is needed, one that takes into account all components of the IoT system, from the design through to the operation. In this sense, the adoption of digital twins and the integration of expert knowledge can help monitor the behaviour of the system and detect the presence of potential cyber-attacks targeting the functioning of systems.

Cybersecurity is no longer just a concern for computer scientists. Engineers and field experts have a vital role to play too. As our world becomes ever more interconnected, a systems perspective is required for ensuring security, safety and resilience.