How to Dynamically Incentivize Sufficient Level of IoT Security

Abstract

This paper propose an incentive mechanism to make large number of device secure based on insurance by smart contracts. It con- sists of the automated security evaluation of enterprise IoT devices and the creation of a dynamic insurance premium. To automate the security evaluation of enterprise IoT devices, we collect and store IoT device sta- tus data with privacy preservation on blockchain. Then, we track and assess the risk associated with IoT devices with the use of a smart con- tract. By monitoring this risk over time, we present a means to incentivize the resolution of vulnerabilities by judging the latent risk in an environ- ment as well as the vigilance of the devices’ managers in resolving these vulnerabilities. In this way, we produce a dynamic cyber insurance pre- mium that more accurately captures the risk profile associated with an environment than existing cyber insurance. Through the use blockchain and smart contracts, this framework also provides public verification for both insured and insurer and provides a level of risk management for the insurer. We also present regulatory considerations in order for this scheme to meet supervisory requirements.