New Papers from DADA Project led by Dr Lachlan D. Urquhart

Tue 24 August 2021

DADA

The University of Edinburgh Centre for Data, Culture and Society (CDCS) have recently had two new articles published under the Defence Against the Dark Artefacts (DADA): Requirements for Effective Smart Home Cybersecurity project work package, led by Dr Lachlan D. Urquhart, Lecturer in Technology Law at Edinburgh Law School.

About the DADA project

A smart home filled with smart appliances makes life simpler, but these appliance sometimes fail or don't receive software updates. Users are then potentially exposed to hackers, and smart appliances become “dark artefacts” - enemies within our walls.

Defence Against the Dark Artefacts (DADA) will explore the technical, sociological and legal requirements for effective smart home cybersecurity, focusing on the challenges resulting from the widely-adopted use of cloud services linked with smart devices in the home, where network infrastructure protection can be minimal.

Learn more about the DADA project

Newly published research articles

  • ‘They’re all about pushing the products and shiny things rather than fundamental security’:Mapping socio-technical challenges in securing the smart home (Taylor & Francis Online, 22 Jul 2021)

    Jiahong Chen, Lachlan Urquhart

    Insecure connected devices can cause serious threats not just to smart home-owners, but also the underlying infrastructural network. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of IoT vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the ‘Secure by Design’ campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products useably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.

    Read paper

     
  • Defence against the dark artefacts: Smart home cybercrimes and cybersecurity standards (Science Direct, 29 July 2021)

    Stanislaw Piasecki, Lachlan Urquhart, Professor Derek McAuley

    This paper analyses the assumptions underpinning a range of emerging EU and UK smart home cybersecurity standards. We use internet of things (IoT) case studies (such as the Mirai Botnet affair) and the criminological concept of ‘routine activity theory’ to situate our critique. Our study shows that current cybersecurity standards mainly assume smart home environments are (and will continue to be) underpinned by cloud architectures. This is a shortcoming in the longevity of standards. This paper argues that edge computing approaches, such as personal information management systems, are emerging for the IoT and challenge the cloud focused assumptions of these standards. In edge computing, data can be stored in a decentralised manner, locally and analysed on the client using federated learning. This can have advantages for security, privacy and legal compliance, over centralised cloud-based approaches, particularly around cross border data flows and edge based security analytics. As a consequence, standards should start to reflect the increased interest in this trend to make them more aspirational and responsive for the long term; as ultimately, current IoT architectures are a choice, as opposed to inherent. Our paper unpacks the importance of the adoption of edge computing models which could enable better management of external cyber-criminality threats in smart homes. We also briefly discuss challenges of building smart homes that can accommodate the complex nature of everyday life in the home. In addition to technical aspects, the social and interactional complexities of the home mean internal threats can also emerge. As these human factors remain unresolved in current approaches to smart home cybersecurity, a user's security can be impacted by such technical design choices.

    Read paper

 

Share

News & events