An innovative new board game has been developed to increase the awareness of cybersecurity threats in smart homes and help developers create strategies to address these by the team of Dr Lachlan Urquhart (lead), Dr Jiahong Chen, Adam Jenkins, Stanislaw Piasecki, and Dr Tommy Nilsson.
As part of the larger EPSRC-funded project, the team developed the ‘Defence Against Dark Artefacts: Securing the Smart Home’ game from the ground up. It brings together the team’s track record in design, law, HCI, and usable security. It also brings together shared interests in the role of serious games and design fiction in improving usable security of devices and developer practices; the use of physical, playful methods to enable creative reflection on how to build wider values into technologies; and their understanding of the law and policy landscape in this domain.
The game was created to be a reflective design tool to help Internet of Things (IoT) developers think about the challenges of securing smart home networks. From the start, the team were keen to follow a co-design approach to understand the needs of the community who would be using it, to ensure the game was situated within those domains and to try to create a satisfying and fun experience. To that end, the team ran a series of 9 gameplay-driven workshops to develop the aesthetics and gameplay dynamics in an iterative manner. This drew on insights from human computer interaction, cybersecurity, and game design experts. Whilst initially planned as physical workshops, the team had to adapt to the pandemic restrictions and run these at a distance, to utilise online platforms for conducting the game led workshops.
The gameplay mechanic involves a hidden hacker who is trying to compromise vulnerabilities in devices in rooms across the home, from smart TVs to fridges and even bathroom scales. In response, a collaborative team of players use their unique skills to track down and prevent the hacker attacking more devices and ultimately taking control of the entire network. As highlighted in a government report, the threat of domestic networks being compromised is significant, and Security by Design is key to addressing the challenges. This requires IoT developers to think about the threats and solutions more strategically, something the game aims to stimulate as devices across the network are at risk e.g., with device firewalls, password management, reducing attack surfaces and patching. The physical version of the game (see pictures below) has resulted in a visually striking artefact which brings together a huge amount of work from the team from ideation to iteration to printing and play.
The final version of the game also arrived roughly the same time as the recent release of the UK government’s Product Security and Telecommunications Infrastructure Bill at the end of 2021. This Bill puts in place new legislative security duties for manufacturers, importers, and distributors of connected consumer products on the UK Market. It establishes a framework of compliance to control what devices are accessed by UK citizens and to ensure responsibilities are taken across the supply chain. This includes a ban on use of default passwords, creating a system to disclose product security vulnerabilities, and manufacturers notifying consumers how long they will provide security updates. The impacts of non-compliance with required security requirements can result in monetary penalties up to £10m or 4% of the previous year’s worldwide annual revenue.
The law highlights need for changes in developer and business practices. The future for smart homes might not be as bleak as in the game, where users chase down hidden hackers in their home. Instead, it may be one of more secure IoT devices and networks ‘by design’. Whilst it would be a less entertaining game setting, a near future where the smart home is secured would be an exciting prospect!