Close
Using digital technologies to improve social security
UCL researchers have provided new insights into cybersecurity and the Internet of Things, leading to improved security, standards and policies.
28 April 2022
Researchers from UCL’s Departments of Science, Technology, Engineering and Public Policy (STEaPP) and Security and Crime Science are making the $248 billion world of internet-connected devices – from Amazon’s Alexa to smart lightbulbs and kettles – safer.
Using embedded and action research, the researchers have brought together diverse voices to explore security issues across the Internet of Things (IoT), uncovering new security risks posed by this technology and the policies needed to prevent them.
Together they have increased public awareness on gender and the IoT, and brought about improvements in IoT manufacturing practices.
Exposing cybersecurity risks
Professor Shane Johnson (UCL Department of Security and Crime Science) and team examined security risks associated with IoT devices alongside security claims made by device manufacturers, and consumer attitudes to security. They found that while many internet-connected devices are not secure by design, having weak passwords, no security updates, and offering limited encryption for sensitive data, consumers do value cybersecurity and are willing to pay for it.
The team demonstrated an information asymmetry in the marketplace, with device manufacturers often providing little or no information about security features to help consumers make informed decisions. These findings informed the UK’s Department of Culture Media and Sport (DCMS) approach to addressing the security of the IoT, and has helped to motivate new legislative proposals to provide consumers with more transparency.
Their work has influenced other governments too - for example, being used extensively in the Canadian Internet Society’s reports, and by the Canadian Internet Registration Authority – the body which makes recommendations for securing the IoT in Canada.
Guiding SMEs and policymakers
Dr Irina Brass’s (STEaPP) investigation into IoT policy revealed that while small and medium-sized businesses (SMEs) are essential in growing the IoT landscape, their influence is often left out of conversations on standards and policy setting processes. Through engagement including workshops with the British Standards Institution (BSI) – the UK’s national standards body, she has been successful in facilitating the inclusion of SMEs in standards-making processes, capturing their contribution in the BSI White Paper “Navigating and Informing the IoT Standards Landscape: A Guide for SMEs and Start-ups” (2019). This development has in turn provided guidance to other SMEs about how to navigate and inform IoT standards.
Professor Madeline Carr and Dr Alex Chung’s (both STEaPP) collaborative work with DCMS and the National Cyber Security Centre (NCSC) found that UK policymakers lacked effective resources to understand the cybersecurity landscape and make effective, evidence-based decisions. This acknowledgement saw the pair working with policymakers to create an interactive map of the rapidly developing UK cybersecurity policy landscape, including 2,400 data points and 2,000 weblinks. The map allows key policymakers to better understand and manage risks associated with cybersecurity in the UK.
Supporting domestic abuse victims
Dr Leonie Tanczer’s (STEaPP) team has shown that growing numbers of smart devices in homes open new opportunities for domestic abuse. The “Gender and IoT” project team worked with the London Violence against Women and Girls (VAWG) Consortium, and digital charity Privacy International, finding that as technology within our homes has changed, so have the types of gender-based abuse taking place.
Their pioneering work has informed charity guidelines, training, and professional practice to support domestic abuse victims. This includes guidance from the National Cybersecurity Centre, a citation in the Product Security and Telecommunications Infrastructure Bill, and several references in charity and practitioner guidance.
The research has also introduced the topic of IoT-facilitated abuse into UK political discourse, and the national media have taken interest through, amongst others, a BBC article “How your smart home devices can be turned against you” and The Evening Standard profiling Dr Tanczer in “The Progress 1000: London's most influential people 2019 – Technology: Cyber Security”.
Research synopsis
Digital technologies for Social Security
Researchers in UCL’s Departments of Science, Technology, Engineering and Public Policy (STEaPP) and Security and Crime Science (SCS) have provided new insights into cybersecurity and the Internet of Things (IoT) leading to improved security, standards and policies. Their work has increased public awareness on gender and the IoT, and brought about improvements in IoT manufacturing practices.
Links
- Professor Shane Johnson’s academic profile
- Professor Madeline Carr’s academic profile
- Dr Irina Brass’ academic profile
- Dr Leonie Tanczer’s academic profile
- Dr Alex Chung’s academic profile
- UCL Department of Security and Crime Science
- UCL Department of Science, Technology, Engineering and Public Policy
- UCL Faculty of Engineering Sciences
- UCL Faculty of Engineering Sciences REF 21
Image
- Image credit: Pexels / Vidal Balielo Jnr