Abstract
This paper describes challenges within IoT ecosystems from the perspective of cybersecurity testing along with a proposed approach to address them that will be investigated in a recently started Horizon Europe project named TELEMETRY. The key observations regarding the design of the framework are summarised as follows. There is a need to consider the full lifecycle of IoT components – at their design time, their integration into systems, and operation of those systems. Threats and risks can propagate when components are connected together in systems - vulnerabilities in one component can affect other components in a system. IoT devices present limitations to current testing and management due to geographical distribution, opacity and limited processing power. Risk assessment fulfils an important requirement because it enables assessment of what elements are important to the system’s stakeholders, how these elements may be compromised, and how the compromises may be controlled. Feedback from operational monitoring of IoT devices can inform firmware updates / patches to the devices but there is a significant challenge in rolling out these patches to multiple low-power devices geographically distributed