I. Introduction
There is an increasing rich use of different types of Cyber-physical systems (CPS)-Internet of Things (IoT) applications for eHealth and welfare, ranging from provider-driven managed monitoring of humans during daily-life, to self-driven monitoring of humans, and social data aggregation and marketing. Cisco estimates that by 2020, more than 50 billion objects will be socially connected with the help of IoT and cloud technology. More recently, CPS-IoTs are being developed with the capability to learn, reason, and understand both physical and social worlds by themselves, simulating the cognitive behaviour of humans – a cognitive CPS-IoT. "In knowledge-intensive environments, the smartest uses of the IoT will be those that enable the ingrained capabilities of human thinking to take centre stage." [1]. However, all this introduces new challenges: (i) increasing cognitive complexity of CPS-IoTs can lead to unexpected emergent behaviour; (ii) cognitive CPS-IoT will suffer from traditional CPS-IoT vulnerabilities and threats [2], and new threats related to their inherent cognitive functionalities; (iii) "70% of the most commonly used IoT devices … can be hacked … 80% of these devices raised privacy concerns regarding the collection of sensitive data, e.g. for health" [3]; and (iv) CPS-IoT’s ubiquity will present a significantly expanded attack surface making the public safety risks higher for critical infrastructure through its interfaces and improved flexibility of access to services and information.