Month: February 2021

Some initiatives to help secure smart home devices

/ bugejajoseph / Leave a comment

Smart home devices make people’s lives more efficient. However, implementing cyber security of smart home devices is just as important as the physical security of our homes. Below are three popular initiatives by governments to help secure consumer IoT, particularly smart home devices.

  • The Department for Digital, Culture, Media, and Sport (DCMS) published a Code of Practice titled “Code of Practice for Consumer IoT Security” to support all parties involved in the development, manufacturing, and retail of consumer IoT. Essentially DCMS guidelines are proposed to ensure that IoT products are secure-by-design and to make it easier for people to stay secure in a digital world.
  • The Federal Trade Commission (FTC) proposed in a detailed report on the IoT concrete steps that businesses can take to enhance and protect consumers’ privacy and security. Additionally, it introduced further guidance for companies to implement “reasonable security” in order to actively enhance and protect consumers’ IoT privacy and security.
  • The European Union Agency for Cybersecurity (ENISA) in their publication titled “Security and Resilience of Smart Home Environments” present examples of actions for users to perform in order to: choose a smart home device securely, operate a smart home device securely, and use online services for smart home securely.  ENISA later introduced good practices guidelines for securing IoT products and services throughout their lifetime.

There are a number of measures and practices identified by the three bodies above that apply to different IoT stakeholders. The stakeholders can range from device manufacturers to service providers to mobile application developers, and more. One core recommendation that applies, especially to the device manufacturers, is that of having no default passwords. The recommendation of changing the device’s password, and potentially have a unique password for every device, is something that I emphasize.

In case you want to know more about how to secure your smart home or are simply curious about IoT security and privacy, you are welcome to get in touch.

Initiatives being brewed by governments to strengthen the IoT privacy and security

/ bugejajoseph / Leave a comment

Last week, I have been asked by several news reporters what can be done to have more secure and privacy-preserving smart home technologies. In this post, I focus on some of the more recent and upcoming regulations and initiatives that are affecting, and likely to affect it more in the future, the IoT world. Purposely, I exclude the EU GDPR  and its US counterpart the CCPA, as I will talk about those in a separate post.

  • The EU ePrivacy Regulation. This  EU regulation aims to ensure privacy in all electronic communications – including instant messaging apps and VoIP platforms, and machine-to-machine communications such as the IoT. Also, it carries an identical penalty regime for non-compliance as the GDPR.
  • The EU Cybersecurity Act. This establishes an EU-wide cybersecurity certification framework for digital products, services, and processes. This includes the IoT, cloud infrastructure and services, threat intelligence in the financial sector, electronic health records in healthcare, and qualified trust services.
  • The IoT Cybersecurity Improvement Act of 2020. This new US law establishes minimum security requirements for IoT devices owned or controlled by the federal government. Specifically, it requires any IoT devices purchased by the federal government to comply with the NIST standards and guidelines.

In the future, I will talk about some of the standards and best practice frameworks that can help organizations develop secure and privacy-preserving IoT technologies. Also, I will suggest some guidelines that consumers can adopt to secure their home devices.

Successfully Defended my PhD Dissertation

/ bugejajoseph / Leave a comment

I am pleased to announce, that on Thursday, 11th February, I successfully defended my PhD dissertation in Computer Science, titled On Privacy and Security in Smart Connected Homes.  This was a journey that has been incredible and exciting, to say the least. It took close to 6 years, including taking 12 PhD courses, writing 10 main publications,  authoring and co-authoring 6 other supplementary publications, traveling to 8 different countries, and hundreds of hours of writing.  A heartfelt thanks to all the people who have been part of my journey, especially to my academic advisors – Dr. Andreas Jacobsson and Prof. Paul Davidsson.

Book Cover

Here is a link to access my doctoral defence presentation.