Threat Modeling Intimate Partner Violence: Tech Abuse as a Cybersecurity Challenge in the Internet of Things

Technology-Facilitated abuse, so-called “tech abuse,” through phones, trackers, and other emerging innovations, has a substantial impact on the nature of intimate partner violence (IPV). The current chapter examines the risks and harms posed to IPV victims/survivors from the burgeoning Internet of Things (IoT) environment. IoT systems are understood as “smart” devices such as conventional household appliances that are connected to the internet. Interdependencies between different products together with the devices' enhanced functionalities offer opportunities for coercion and control. Across the chapter, we use the example of IoT to showcase how and why tech abuse is a socio-technological issue and requires not only human-centered (i.e., societal) but also cybersecurity (i.e., technical) responses. We apply the method of “threat modeling,” which is a process used to investigate potential cybersecurity attacks, to shift the conventional technical focus from the risks to systems toward risks to people. Through the analysis of a smart lock, we highlight insufficiently designed IoT privacy and security features and uncover how seemingly neutral design decisions can constrain, shape, and facilitate coercive and controlling behaviors

Networked world: Risks and opportunities in the Internet of Things

The Internet of Things (IoT) – devices that are connected to the Internet and collect and use data to operate – is about to transform society. Everything from smart fridges and lightbulbs to remote sensors and cities will collect data that can be analysed and used to provide a wealth of bespoke products and services. The impacts will be huge - by 2020, some 25 billion devices will be connected to the Internet with some studies estimating this number will rise to 125 billion in 2030. These will include many things that have never been connected to the Internet before. Like all new technologies, IoT offers substantial new opportunities which must be considered in parallel with the new risks that come with it. To make sense of this new world, Lloyd’s worked with University College London’s (UCL) Department of Science, Technology, Engineering and Public Policy (STEaPP) and the PETRAS IoT Research Hub to publish this report. ‘Networked world’ analyses IoT’s opportunities, risks and regulatory landscape. It aims to help insurers understand potential exposures across marine, smart homes, water infrastructure and agriculture while highlighting the implications for insurance operations and product development. The report also helps risk managers assess how this technology could impact their businesses and consider how they can mitigate associated risks

Receiving threatening or obscene messages from a partner and mental health, self-harm and suicidality: results from the Adult Psychiatric Morbidity Survey

PURPOSE: Threatening or obscene messaging is repeated, unwanted texts, emails, letters or cards experienced by the recipient as threatening or obscene, and causing fear, alarm or distress. It is rarely examined as an aspect of intimate partner violence. We describe the prevalence of exposure to threatening/obscene messaging from a current or ex-partner; characteristics of victims; and associations with other forms of violence and abuse, mental disorder, self-harm, and suicidality. METHODS: Cross-sectional probability-sample survey of the general population in England aged 16 + . Multivariable regression modelling tested associations between receipt of threatening/obscene messaging and current common mental disorder, past-year self-harm and suicidality. RESULTS: Threatening/obscene messages were received from a current/ex-partner by 6.6% (95%CI: 5.9-7.3) of adults who had been in a relationship; 1.7% received these in the past year. Victims were more likely to be female, under 35, single or divorced, socioeconomically disadvantaged, and to have experienced other forms of sexual and partner violence and abuse. Those who received threatening/obscene messages in the past year were more likely to experience common mental disorder (adjusted odds ratio 1.89; 1.01-3.55), self-harm (2.31; 1.00-5.33), and suicidal thoughts (2.00; 1.06-3.78). CONCLUSION: Threatening/obscene messaging commonly occurs in the context of intimate partner violence. While often occurring alongside sexual and physical violence, messaging has an additional association with mental disorder and suicidality. Routine enquiry in service settings concerning safety, including those working with people who have escaped domestic violence, should ask about ongoing contact from previous as well as current partners. This should include asking about messaging, as well as other forms of potentially technology-enabled abuse which may become increasingly common

Standardising a moving target: The development and evolution of IoT security standards

The standards landscape for IoT security is currently developing in a fragmented manner. This paper provides a review of the main IoT security standards and guidelines that have been developed by formal standardisation organisations and transnational industry associations and interest alliances to date. The review makes three main contributions to the study of current IoT standards-development processes. First, governments and regulatory agencies in the EU and the US are increasingly considering the promotion of baseline IoT security requirements, achieved through public procurement obligations and cybersecurity certification schemes. Second, the analysis reveals that the IoT security standards landscape is dominated by de facto standards initiated by a diverse range of industry associations across the IoT ecosystem. Third, the paper identifies a number of key challenges for IoT security standardisation, most notably: a) the difficulty of setting a baseline for IoT security across all IoT applications and domains; and b) the difficulty of monitoring the adoption, implementation and effectiveness of IoT security standards and best practices. The paper consequently contributes to a better understanding of the evolution of IoT security standards and proposes a more coherent standards development and deployment approach

Governance and Policy Cooperation on the Cyber Security of the Internet of Things

This report was based on a workshop. The impetus for this workshop was the recognition that international policy cooperation on the cybersecurity aspects of the IoT has made little progress. This is due in part to a failure to establish a functioning community of technicians and policymakers who are jointly focusing on these issues. From a technical perspective, the IoT will significantly increase opportunities to breach security via new attack surfaces. For policymakers, the heightened insecurity created by the rapid expansion of the IoT marks a significant governance challenge. Addressing these security deficiencies will require an increase in the capacity to share threat information as well as a range of innovative technical and policy solutions. The workshop marked a starting point in building a global community of security practitioners and policymakers who are interested in these issues and who are working on similar topics

Emerging risks in the IoT ecosystem: Who's afraid of the big bad smart fridge?

Rapid technological innovations, including the emergence of the Internet of Things (IoT), introduce a range of uncertainties, opportunities, and risks. While it is not possible to accurately foresee IoT's myriad ramifications, futures and foresight methodologies allow for the exploration of plausible futures and their desirability. Drawing on the futures and foresight literature, the current paper employs a standardised expert elicitation approach to study emerging risk patterns in descriptions of IoT risk scenarios. We surveyed 19 IoT experts between January and February 2018 using an online questionnaire. The submitted scenarios provided expert's perception of evolving IoT risk trajectories and were evaluated using thematic analysis, a method used to identify and report patterns within data. Four common themes were extracted: physical safety; crime and exploitation; loss of control; and social norms and structures. These themes provide suitable analytical tools to contextualise emerging risks and help detecting gaps about security and privacy challenges in the IoT