Defence Against Dark Artefacts: An Analysis of the Assumptions Underpinning Smart Home Cybersecurity Standards

As part of the EPSRC Defence Against Dark Artefacts (DADA) project, this paper analysesthe assumptions underpinning a range of smart home cybersecurity standards. We use case studies (suchas the Mirai Botnet affair) and the criminological concept of ‘routine activity theory’ to situate our analysis.Our study shows that current cybersecurity standards mainly assume smart home environments areunderpinned by cloud architectures, which is a shortcoming. This paper argues that edge computingapproaches, such as those typified by the Databox system, are emerging and challenge the cloud focusedassumptions of these standards. In edge computing, data is stored at the edge of the network, locally on thedevice, which can have advantages for security, privacy and legal compliance, over cloud-basedapproaches. As a consequence, standards should start to reflect the increased interest in this trend to makethem more aspirational and show other data architectures are possible that can benefit designers andcitizens. We hope that our paper may influence researchers, policy makers and IoT stakeholders to worktowards the adoption of edge computing models, to better manage external cyber-criminality threats insmart homes. We also briefly discuss that standards currently do not account for the complex nature ofeveryday life in the home. In addition to technical aspects, the social and interactional complexities of thehome mean internal threats can emerge too.