By Dr Uchenna D Ani, Post-Doctoral Research Fellow with the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, UCL STEaPP

Security designs should not consider technical details alone but should capture the bigger picture of the co-interacting participants that provide critical services.

Critical National Infrastructure (CNI) systems need cybersecurity, physical security and personnel security.  CNI systems use networks of diverse technologies (hardware and software) to enable the exchange of data and information. Generally, this involves socio-technical systems (STS) – people interacting with the technology and working together as a single system structured to achieve operational objectives.

Integrating the internet and the Internet of Things (IoT) with CNI systems enable greater capabilities for remote, autonomous sensing. Integration supports smarter control, monitoring, predictive maintenance, safety, and security management, but the convergence brings new security risks that demand serious attention. Geoff E, of the UK National Cyber Security Centre (NCSC), highlights the need to consider such systems as a whole rather than the sum of individual components. A holistic perspective is therefore necessary to achieve more all-embracing security.

(more…)

By Dr Jose Tomas Llanos, Research Fellow in PACE (Privacy Aware Cloud Ecosystems) at UCL STEaPP

Data Protection Day (or Data Privacy Day outside Europe) is an international holiday held every year on 28 January. The declared purpose of this holiday is “to give everyone a chance to understand what personal data is collected and processed and why, and what our rights are with respect to this processing.”[1] The date was not randomly chosen: it is the anniversary of the opening for signature, in 1981, of Council of Europe’s Convention 108 for the Protection of individuals with regard to automatic processing of personal data.[2]

Image courtesy of Pexels

Convention 108 introduced the concept of ‘protection of personal data’, as well as important data protection principles that were later enshrined in the Data Protection Directive[3] and included (in a somewhat more elaborate fashion) in the General Data Protection Regulation (GDPR)[4]: personal data must be obtained and processed fairly and lawfully (lawfulness and fairness); stored for specified and legitimate purposes and not used in a way incompatible with those purposes (purpose limitation); adequate, relevant and not excessive in relation to the purposes for which they are stored (i.e. data minimisation); accurate and, where necessary, kept up to date (accuracy); and preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored (storage limitation).[5]

(more…)

PETRAS National Centre of Excellence for IoT Systems Cybersecurity took a first step to understand the needs and expectations of people with special requirements, starting with those with hearing loss, in their engagement with Internet of Things (connected devices) in their domestic environment. We organised a workshop on the 29^th October 2019 which received interest and representation from a broad range of stakeholders, including technology developers, researchers, representatives of various UK groups for people with hearing loss (both the profoundly deaf and hard-of-hearing and cochlear implant users), as well as some individual end-users with hearing loss.

Kruakae Pothong led the workshop design, building on deliberation and value sensitive design, with the support of Claire Milne, a PETRAS Associate and LSE Visiting Senior Fellow, and Sarah Turner, a STEaPP Digital Technology and Public Policy MPA graduate. The workshop opened with participants sharing their experiences of technology in domestic life and the adjustments made to support various types of hearing loss. Participants were then asked to collectively define what they find problematic about their experience.

(more…)

By Feja Lesniewska and DTPL Team

Digital Technology and Policy Laboratory (DTPL) members in UCL STEaPP presented their research as a panel at the Data for Policy international conference held in UCL in June 2019.

Topics covered in their talks included: the governance of the Internet of Things, trust and human control over data sharing in complex digital ecosystems, the design of cybersecurity policy, and the challenges to cybersecurity best practice in critical infrastructure. Numerous high-quality presentations representing a diverse range of international organisations and subject matter were delivered during the two-day event. The conference is a premier global forum for interdisciplinary and cross-sector discussions around the impact and potential of the digital revolution in the government sector. It is supported by a large number of key stakeholders, including prestigious academic institutions, government departments, international agencies, non-profit institutions, and businesses.

(more…)