<p>The
Internet of Things (IoT) is creating a network of cyber-physical devices
(sensors, actuators, and other devices) that monitor and control physical
systems, such as manufacturing facilities operating with the Industry 4.0
paradigm, while collecting and sharing massive data globally over the internet.
As the IoT security landscape evolves, so does the “cyber mafia,” which targets
cyber-physical systems from the corporate level all the way to Industry 4.0 shop-floor
control systems, in which IoT is a key component. IoT devices are becoming
ubiquitous and controllable from hand-held devices, raising the potential to
disrupt or destroy large industrial complexes at the touch of a screen if they are not
properly protected. This growing risk mandates the adoption of new approaches
to incorporating rigorous security standards into IoT systems as early as
possible in their system lifecycle. A methodology is presented for incorporating
security into IoT systems as a bona fide, quantifiable attribute that is built into
the components (objects) and operations (processes). To this end, the synergy
of combining model-based systems engineering with embedded IoT system security
is leveraged. At the heart of the methodology is a combined
qualitative-quantitative IoT OPM model of the system with security scores,
which provides for evaluating underlying system configurations, each with its
level of security and possibly other optimization criteria. This approach
enables balancing IoT systems’ metrics, such as performance and cost, with security,
and even optimizing the system under specified constraints.</p>