ENISA’s report, “Threat Landscape and Good Practice Guide for Smart Home and Converged Media,” is a contribution toward the achievement the EU Cyber Security Strategy objectives.
The study aims to identify both the security risks and challenges, as well as the countermeasures, required for emerging technologies in smart homes, providing a specific and focused approach with an overview of the current state of cybersecurity in this emerging domain.
For the compilation of this report, an informal expert group was created to collect input at stages of the project. In addition, the study takes into account existing assessments and publicly available information sources and provides a thematic threat landscape in the area of smart homes.
Within the scope of the study, threat agents have been identified, revealing several sources of vulnerability. Cybercriminals are identified as the largest and most hostile threat category, while the potential abuse of smart homes should be considered high with the increasing number of smart devices and homes and particularly converged media. Further, several economic factors generate security vulnerabilities while design choices are competing against cost and convenience.
Many of the risks will be of a socio-technical type because of the depth and variety of personal information that can be captured and processed and will produce data on previously unrecorded activities with a close link between people and their environments. In addition, the interests of different asset owners in the smart home are not necessarily aligned and might even be in conflict, creating a complex environment for security activity.
On the other hand, converged media and television raise security issues in connectivity, embedded functionality, opaque systems and incompatibility with traditional information security approaches, along with issues of privacy, access and copyright. Converged media devices are likely to be some of the first consumer smart home devices introduced to many homes and therefore will be the terrain for the initial playing out of many of the identified smart home security issues.
Not all smart homes are created equally because of the multiple design pathways that result in their own security and privacy peculiarities, sharing issues and vulnerabilities. As in many other areas of ICT, applying basic information security can significantly increase overall security in the smart home domain.
Good practices in the sector involve the design of the smart home as a system, careful consideration of the security of cloud-based smart home designs, an application isolation framework (as developed in smart cars) and keeping critical software separate from noncritical apps, network and communications security measures. Similar approaches referred to for smart grids might prove applicable in the smart home context.