I was invited to deliver a presentation to the Institute of Engineering & Technology's EC3 Group on "Dealing with the Internet of Insecure Things". My talk provided an overview of the security challenges of the Internet of Things and argued that we should adopt human-centric engineering approaches to address these challenges.
Abstract: We are in an age of the ‘Internet of Everything’ where boundaries between citizens, governments, media, and societal organisations are becoming increasingly fuzzy as interconnected digital devices enable the collection and exchange of vast amounts of information across the globe. The availability of data gathered by these devices, coupled with advances in channels of digitally mediated communication, has created a host of new systems that are embedded into a range of human activities, including agriculture, energy, transportation, healthcare, policing, and education – creating the potential for a ‘smarter planet’. However, these cyber-physical, socio-technical systems also open the door to new threats from a range of sources, from attackers with malicious intent to opportunists exploiting vulnerabilities in systems to cause deliberate or accidental harm. Addressing these security challenges requires that we adopt human-centric engineering approaches that provide a systematic basis for developing effective security and privacy solutions.