Jump to: navigation, search
Security in IoT for Smart Grids
Home Research Security Centre Publications Student corner About

T3.2 Security usability

Task Title Security usability in IoT ecosystem
Lead partner HiG
Contributors NR, ESmart Systems, NCE Smart, HiG
edit this task


This task will

  • analyse conflicting incentives for IoT, based on the IoTSec ecosystem of T4.1
  • establish a platform for multi-shareholder risk analysis
  • create impact assessement for shareholder in the IoTSec ecosystem
  • provide estimates of the impact of IoTSec research results in economic terms

Deliverables in T3.2 Security usability

 TitleDue monthLead partnerEditorDissemination level
D3.2.1Psychological Profiling for Risk Analysis (draft)M24NTNUEinar SnekkenesPublic
D3.2.2Incentives and Usability for IoT Security (intermediate)M36NTNUEinar SnekkenesPublic

Add Deliverable


Note: Task 3.2 will first start after M12

Task 3.2 comprises the following subtasks:

  • The IoTSec eco system (IoTSec PhD NN1 + HIG researcher) - moved moved to T4.1
  • T3.2.1 - Conflicting Incentives Risk Analysis for IoT (IoTSec PhD NN1) - like: conflicting incentives, would rather prefer to call it Incentives and Usability for IoT Security
  • T3.2.2 - Impact assessment (IoTSec PostDoc NN1) - I would see impact assessment as an industrial activity rather than research

T3.2.1 - Conflicting Incentives Risk Analysis for IoT

This task is build on the IoTSec ecosystem established in T4.1, and analyse the conflicting incentives.

Risk management of the interface between humans and technology in an IoT setting follows the CIRA privacy risk analysis from the PETweb II project ( to the design of risk-based adaptive security and privacy.

Activities: Each scenario x (0 < x < 6) identified/constructed from T3.2.1 is addressed through the following list of activities:

  • T3.2.2.x.1 Identification and analysis of privacy, cyber, information security risks for scenarios identified in T3.2.1.
  • T.3.2.2.x.2 Mechanisms to modify the perceived incentive structures such as to align stakeholder interests will be developed and analysed. This task will develop a library of utility factors suitable for an IoT setting involving critical infrastructure. Furthermore, we will ...(missing text here)
  • T3.2.2.x.3 Identify and construct stakeholder archetypes and strategy taxonomies matching the smart grid operator requirements.


  • Functional description of risk platform for IoT multi-operator (M12)
  • A platform for cost effective risk analysis platform based on CIRA/PETweb II results, suitable for IoT critical infrastructure projects (M24)
  • Risk analysis of the system to be used by the infrastructure operators in their decision making (M36)
  • 3. A completed PhD.

Partners: Lead HIG

Deliverables: One conference article for each of the key scenarios identified. One journal article. - Comment: what are the key scenarios?

T3.2.2 - Impact assessment


  • Provide estimates of the impact of IoTSec research results in economic terms in a micro economic business perspective.

Activities: Identification and analysis of issues that influence the impact of project results, including

  1. An analysis and mapping of economic (commercial, technological, social and regulatory) incentives to invest in security controls that improve the data integrity, privacy, and service resilience in IoT for smart grids.
  2. A cost-benefit analysis of smart grid technologies with respect to service resilience, security data integrity and privacy. A valuation of economic value of security measures with respect to data security and privacy at macro and micro levels.
  3. An assessment of existing financial instruments and development of novel financial instruments to incentivize investments in security in IoT for smart grids and to distribute the risk among the stakeholders.


  • A projection of the impact of technological project results, expressed in economic terms (M24)


  • Lead HIG, NCE, ESmart Systems.


  • 3 technical reports,
  • 3 conference articles.


  • How to we note the deliverables?...
  • Looks like that we have a miss-match between "amount of work" and number of deliverables, T3.2.1 versus T3.2.2