We are running an afternoon workshop around Security by Design for the Internet of Things on Thurs 26th June 2025 1pm-4pm in Moot Court Room, Old College, School of Law, University of Edinburgh.
Mattis van ‘t Schip and I are organising this workshop to explore the socio-technical, legal, and design implications of security by design. As part of this, we are hoping to bring together researchers in the Netherlands and Scotland who are working in this area.
There are shifts in the EU legal landscape mandating design and development changes for the security of consumer Internet of Things systems, in the EU Cyber Resilience Act and the ETSI EN 303 Secure by Design Standard, alongside, at UK level, the UK Product Security and Telecommunications Infrastructure Act.
The workshop aims to foster interdisciplinary conversations across computer science; human factors; design research; tech law; STS; criminology and more through a series of introductory talks/break out discussion activities.
Initial topics of interest include regulatory, design and socio-technical aspects of:
- Security across the lifecycle of IoT products.
- Security across IoT supply chains.
- Managing interdependencies across data, software, hardware in the IoT.
- Usable Security for IoT security.
- Certification and governance mechanisms for IoT security.
If you are interested in joining, please save the date, and let me know if you are attending.
We are still putting together the programme, so we’d be keen to hear if you’d like to speak about your work – if so please let us know when you respond.
Also, do share this with other researchers who you think might be interested in attending, particularly ECRs/PhDs.
Provisional Schedule:
Organisers:
Lachlan Urquhart, Senior Lecturer in Technology Law and HCI, University of Edinburgh (Lachlan.urquhart@ed.ac.uk)
Mattis van ‘t Schip, PhD Researcher, Radboud University (mattis.vantschip@ru.nl)
Schedule
13.00 – 13.30: Welcome and Lunch
13.30 – 13.45: Overview and Introduction (“why we are here”)
Lachlan Urquhart, Edinburgh and Mattis van ‘t Schip, Radboud University. Intros; Overview of the EU Cyber Resilience Act; Security by Design Approaches; UK PSTI; CEN EN 303; the INTERSECT and DADA Projects.
Part 1: Supply Chain and Lifecycle Perspectives
13.45 – 14.00: Talk 1 – Lorenz Kustosch, TU Delft – “IoT Support Durations and the CRA: An Empirical Perspective with Users” – In person. (10 mins talk/ 5 mins Q+A)
14.00 – 14.15: Talk 2 – Pratham Ajmera, Tilburg University – “Two birds with one stone? Analysing the EU’s use of its product regulation framework to enhance product cybersecurity” – In person. (10 mins talk/ 5 mins Q+A)
14.15 – 14.30: Talk 3 – Jingjie Li, UoE – “Privacy Bills of Materials (PriBOM): A Transparent Privacy Information Inventory for Collaborative Privacy Notice Generation in Mobile App Development”
14.30 – 15.00: Group Activity and Discussion – “Collectively Mapping the Problem Space for IoT Security” [brief on slides with post-its; big sheets of paper + pens]
15.00 – 15.10: Short Break
Part 2: Socio-Technical and Design Perspectives
15.10 – 15.25: Talk 3 – Jiahong Chen, Sheffield University – “Backcasting the paths to desirable IoT futures with design fictions” – In person. (10 mins talk/ 5 mins Q+A)
15.25 – 15.40: Talk 4 – Kimberley Paradis – “Smart homes and Intimate Partner Violence” – In person. (10 mins talk/ 5 mins Q+A)
15.40 – 16.00: Group Activity and Discussion 2 – “Brainstorming Solutions / Routes Forward” [brief on slides; post-its; big sheets of paper; pens] 30 mins
16.00: Close and Pub (Pear Tree)
Image Credit: Elise Racine / https://betterimagesofai.org / https://creativecommons.org/licenses/by/4.0/ – ‘Morning View’ is part of the artist’s series, ‘Algorithmic Encounters’: By overlaying AI-generated annotations onto everyday scenes, this series uncovers hidden layers of meaning, biases, and interpretations crafted by algorithms. It transforms the mundane into sites of dialogue, inviting reflection on how algorithms shape our understanding of the world.