The Consumer Security Index for IoT: A protocol for developing an index to improve consumer decision making and to incentivize greater security provision in IoT devices
Consumer IoT devices often lack adequate in-built security, giving rise to newer forms of threats and crime risks. Security should be designed into devices but at present there is little incentive for manufacturers to do so consistently. Additionally, consumers are not given simple information at the point of purchase, in user manuals or other materials to help them assess the security of devices. Consumers are therefore not afforded the opportunity to understand the level of security devices offer. Consumer rating indices (e.g. food traffic light labels) can provide this opportunity to aid consumer choice. This research aims to co-develop a consumer security index (CSI), with consumers and security experts, to aid consumer decision making and incentivise greater security provision in the manufacture of IoT devices. In this paper, we focus on the methodology for the development of the index. Through a focus group with IoT security experts, Study 1 will identify security features that consumer IoT devices should provide. Study 2 will employ an online survey to identify consumer preferences concerning the disclosure of security and privacy features that devices provide, and focus groups will help to co-design the CSI by discussing the information value, appeal and likely engagement of a security index label. To better understand the current situation, Study 3 will develop a matrix of different classes of IoT devices manually coded according to the CSI for a sample of devices. Study 4 will explore the use of natural language processing to extract data from device user manuals to identify what information is communicated about the security features, as well as, what crime prevention messaging is provided by manufacturers. The project will use a formal methodology to develop a CSI that is co-designed with experts and consumers. The ultimate aims are to encourage the use of the index to help inform consumer choice, and to lever market action so that IoT devices are shipped with security features in-built.
Internet of Things,Cybersecurity,Cybercrime Consumer security index, Co-design