Defence Against the Dark Artefacts (DADA): Requirements for Effective Smart Home Cybersecurity
A smart home filled with smart appliances makes life simpler, but these appliance sometimes fail or don't receive software updates. Users are then potentially exposed to hackers, and smart appliances become “dark artefacts” - enemies within our walls.
Defence Against the Dark Artefacts (DADA) will explore the technical, sociological and legal requirements for effective smart home cybersecurity, focusing on the challenges resulting from the widely-adopted use of cloud services linked with smart devices in the home, where network infrastructure protection can be minimal.
Lachlan Urquhart, Lecturer in Technology Law at Edinburgh Law School, is a co-investigator for the DADA project:
The face of Internet of Things (IoT) cybersecurity has been rather gloomy for at least the past 5 years. Cases of devices being hacked, becoming part of botnets or subject to ransomware attacks are a frequent occurrence. As we bring these smart speakers, locks and intelligent thermostats into the home, we need to think about the level of physical and informational security risks, who is responsible for managing them and how they should act. Often home occupants are not well placed to address threats due to lack of skills, awareness or time. Many new and established IoT companies are still working out what it means to build devices that are secure by design. Nevertheless, we are beginning to see the UK regulatory environment shift by requiring increased action from IoT vendors to create safer devices. Similarly, technical shifts towards edge computing are enabling better network threat management and user empowering local personal data management tools. In the DADA project we are bringing together perspectives from sociologists, computer scientists, lawyers, industry and more to better understand these emergent smart home security risks and formulate best strategies to address them.
Lachlan is working in collaboration with colleagues at the University of Nottingham, University of Cambridge, Imperial College London, and with industry partners such as ARM, BT, and Cisco, among others. The project is one of 11 currently funded by the Engineering and Physical Sciences Research Council (EPSRC), aiming to further understanding of Trust, Identity, Privacy and Security issues in the Digital Economy.