Security Unified Model for the Internet of Things (IoT) Residential Gateway Using Model-Based Systems Engineerin

It is predicted that there will be 50 billion or more connected devices by the year 2020, ranging from connected wearable watches to smart cars and beyond. We are living in a true Internet of Things (IoT). On February 13, 2015, at the Cyber Security Summit at Stanford University in California, former President Obama announced an executive order directing more data sharing on network threats between government and businesses. Both government public sectors and U.S. companies are facing new security challenges in protecting critical infrastructures, where software applications in cloud computing platform control all IoT systems and interact in a real-time mode with existing physical environments, such as power systems, water systems, banking systems, healthcare systems, and so on. These policies are mandated to reinforce the need for holistic thinking about security and risk management at large-scale and future-proof design. The National Institute of Standards and Technology (NIST) was assigned to lead the development of a framework to reduce cyber risks to critical infrastructure called the "Cybersecurity Framework," which includes a set of standards, methodologies, procedures, best practices for information security, and processes that align policy, business, and technological approaches to address cyber risks. The NIST framework is one of the most complex IT frameworks. Implementation and governance of such a complex IT framework is an opportunity to fully utilize systems engineering processes vii (SEPs) to model this IoT security framework (NIST 2015). Both private sectors and governmental entities are responsible for making IoT a secured landscape to protect their consumers and citizens. "Additionally, civil society groups and nongovernmental organizations played key roles in the development of the Internet and continue to analyze and evaluate private-sector practices and to establish norms, expectations, and principles for online behavior. Crucially, the Internet's users must bear responsibility and learn to use tools that enable a safe and secure online experience" (Senges, Ryan, Whitt & Cerf, 2016).;This Praxis focuses on using model-based systems engineering to introduce a software-defined integrated security unified model (iSUM) for an IoT residential gateway that can lead to the reduction of security vulnerability from attacks and the detection of security issues in the design phase of a systems engineering lifecycle. Model-based systems engineering (MBSE) has become one of the turn-key solutions in systems engineering practices. Per the International Council on Systems Engineering (INCOSE), MBSE is the formalized application of modeling to support system requirements, design, analysis, verification, and validation process throughout the system's lifecycle. This work defines the enabling MBSE as the modernized systems engineering process that aims to provide a holistic modelcentric methodology to address IoT security for residential gateway design. After a thorough literature review of available system engineering methods for IoT security design, an IoT iSUM is built along with a case study example demonstrating successful use of the iSUM.