To what extent do public perceptions of connected places affect the security and sustainability of connected places?

Download

This review has been conducted by PETRAS National Centre of Excellence for IoT Systems Cybersecurity. PETRAS stands for: privacy, ethics, trust, reliability, acceptability and security. These factors are key in the analysis of the security and sustainability of the Internet of Things, and by association, connected places. Therefore, the authors have considered cybersecurity through each of these lenses when conducting the review.

Building on PETRAS research into the ethics and public perceptions of IoT deployed in public spaces, the Department for Science, Innovation and Technology (DSIT) Secure Connected Places Team reached out to PETRAS to commission a literature review on the extent to which public perceptions of connected places affect their security and sustainability.

The review explores the existing literature on public perceptions and behaviors in the context of cybersecurity in connected places. It reveals that while many articles highlight the importance of public perceptions and behavior during a cyber-attack, there is no consensus on how to influence them to minimise attack impact and expedite recovery. Additionally, there is disagreement across the literature on who the public and connected place managers are, their motivations, and how they relate to each other in the context of connected place cybersecurity. The review also shows that public perceptions can affect the success and sustainability of connected places, however, exactly how and to what extent is not known. Findings of note include:

• End user devices and the way they are maintained are key technical vulnerabilities for the security and sustainability of connected places. However, it is unclear how much influence connected place managers can have on weak points in either user behaviour or the supply chain of these devices.
• In general, the majority of the public is oblivious to connected places. This presents a passive threat of accidental damage and increased vulnerability to attacks oriented to social engineering that may damage the infrastructure of the connected place and data reliability.
• In extreme circumstances, the public can become an active threat to the security and sustainability of connected places should they reject a connected place due to lack of trust or perceived invasion of privacy. This may manifest itself as low-skilled cyber-attacks, data obfuscation, or vandalism to hardware.
• Public perceptions and behaviours increase in importance during and immediately after an attack when place managers need to manage public behaviours.
• Models, policies and place managers? communication can be vital in shaping public perceptions of connected places. However, there is not enough evidence to provide guidance on which are most effective due to the lack of depth and transferability in current research and the complexity of the connected place landscape.
• Existing literature emphasises the importance of involving the public in discussions about connected places to ensure the success and security of these places.

The authors argue that more research is needed on the mechanisms to assess the influence of public perceptions and associated behaviors on threats to security in connected places. The authors also argue that there is a need to investigate the models and tools currently being deployed by connected place design and management to understand and influence public perceptions and behaviors. Furthermore, the authors identify a need to investigate the complex relationship between the public and connected place managers and explore the patterns between specific connected place cybersecurity incidents and the methods used to influence public perceptions.

The Public Perceptions literature review is also available on the GOV.UK website here.