How to dynamically incentivize sufficient level of iot security

Abstract

This paper propose an incentive mechanism to secure large numbers of devices through the use of insurance based on smart contracts. It consists of the automated security evaluation of enterprise IoT devices and the creation of a dynamic insurance premium. To automate the security evaluation of enterprise IoT devices, we collect and store IoT device status data with privacy preservation on blockchain. Then, we track and assess the risk associated with IoT devices with the use of a smart contract. By monitoring this risk over time, we present a means to incentivize the resolution of vulnerabilities by measuring the latent risk in an environment as well as the vigilance of the devices’ managers in resolving these vulnerabilities. In this way, we produce a dynamic cyber insurance premium that more accurately captures the risk profile associated with an environment than existing cyber insurance. Through the use blockchain and smart contracts, this framework also provides public verification for both insured and insurer and provides a level of risk management for the insurer. We also present regulatory considerations in order for this scheme to meet supervisory requirements.