The widespread adoption of Internet of Things (IoT) technologies has drastically increased the breadth and depth of attack surfaces in networked systems, providing new mechanisms for intrusion. In the context of smart-world critical infrastructures and cyber-physical systems, the rapid adoption of IoT systems and infrastructures without thorough consideration of the risks and vulnerabilities has the potential for catastrophic damage to the privacy, safety, and security of individuals and corporations. While IoT systems have the potential to increase productivity, accountability, traceability, and efficiency, their potential weaknesses are also more abundant. In this paper, we provide critical consideration of the security of IoT systems as applied to smart-world critical infrastructures. Particularly, we carry out a detailed assessment of vulnerabilities in IoT-based critical infrastructures from the perspectives of applications, networking, operating systems, software, firmware, and hardware. In addition, we highlight three key IoT-based critical infrastructure cyber-physical systems, namely smart transportation, smart manufacturing, and smart grid. Moreover, we provide a broad collection of attack examples against each of the key applications. Furthermore, we introduce a case study, in which we assess the impacts of potential attacks on critical IoT-based systems, using the smart transportation system as an example. Finally, we provide a set of best practices and address the necessary steps to enact countermeasures for any generic IoT-based critical infrastructure system.

INDEX TERMS Cyber-physical systems, Internet of Things, security, critical infrastructure, case study, computing infrastructure.

I. INTRODUCTION

Advances in information communication technologies have given rise to the Internet of Things (IoT), which will play an increasingly important role in our daily lives [1]-[3].
In IoT, a massive number of deployed devices (sensors, actuators, etc.) will be connected to collect data related to objects in critical infrastructures, including city and government, industrial manufacturing, energy, transportation, healthcare, and public safety infrastructures, among others, supporting numerous smart-world systems. Examples of such systems include smart manufacturing, smart cities, smart grid, smart transportation, smart home, and smart health systems, to name a few [4]-[11].

The associate editor coordinating the review of this manuscript and approving it for publication was Jinsong Wu.