‘They’re all about pushing the products and shiny things rather than fundamental security’:Mapping socio-technical challenges in securing the smart home

IF 1.8 Q1 LAW

Information & Communications Technology Law Pub Date : 2021-05-25 DOI:10.1080/13600834.2021.1957193

Jiahong Chen, Lachlan D. Urquhart

{"title":"‘They’re all about pushing the products and shiny things rather than fundamental security’:Mapping socio-technical challenges in securing the smart home","authors":"Jiahong Chen, Lachlan D. Urquhart","doi":"10.1080/13600834.2021.1957193","DOIUrl":null,"url":null,"abstract":"ABSTRACT Insecure connected devices can cause serious threats not just to smart home-owners, but also the underlying infrastructural network. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of IoT vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the ‘Secure by Design’ campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products useably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.","PeriodicalId":44342,"journal":{"name":"Information & Communications Technology Law","volume":null,"pages":null},"PeriodicalIF":1.8000,"publicationDate":"2021-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/13600834.2021.1957193","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information & Communications Technology Law","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/13600834.2021.1957193","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"LAW","Score":null,"Total":0}

引用次数: 3

Abstract

ABSTRACT Insecure connected devices can cause serious threats not just to smart home-owners, but also the underlying infrastructural network. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of IoT vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the ‘Secure by Design’ campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products useably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.

查看原文本刊更多论文

“他们都在推销产品和闪亮的东西，而不是基本的安全”:绘制智能家居安全中的社会技术挑战

摘要连接不安全的设备不仅会对智能家居用户造成严重威胁，还会对底层基础设施网络造成严重威胁。从物联网供应商和最终用户的角度来看，学术界和监管部门对解决网络安全风险越来越感兴趣。例如，除了当前的数据保护和网络安全法律框架外，英国政府还发起了“设计安全”运动。虽然已经就组织和个人如何管理自己的网络安全风险进行了研究，但目前尚不清楚物联网供应商在多大程度上支持最终用户对此类风险进行日常管理，以及是什么阻止了供应商改进此类支持。我们采访了物联网领域的13位专家，确定了使物联网产品安全使用的三大障碍：技术、法律和组织。在本文中，我们进一步讨论了这些发现对政策制定的影响，并提出了一些建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information & Communications Technology Law LAW-

CiteScore

3.10

自引率

0.00%

发文量

期刊介绍： The last decade has seen the introduction of computers and information technology at many levels of human transaction. Information technology (IT) is now used for data collation, in daily commercial transactions like transfer of funds, conclusion of contract, and complex diagnostic purposes in fields such as law, medicine and transport. The use of IT has expanded rapidly with the introduction of multimedia and the Internet. Any new technology inevitably raises a number of questions ranging from the legal to the ethical and the social. Information & Communications Technology Law covers topics such as: the implications of IT for legal processes and legal decision-making and related ethical and social issues.