The Norwegian Board of Technology hosted a workshop to get input for developing scenarios in December 2022.
Stakeholders from public institutions, commercial suppliers and research were present, for instance, The Norwegian Data Protection Agency, Eaton Electric, The Norwegian Defence Research Establishement, The National Communications Agency, Safe4, Telenor, Bouvet and Obos.
The workshop was organized with brainstorming and discussions on three topics:
• What will a smart house look like in 2030?
• What are the risks?
• What can be done?
What will a smart house look like in 2030?
The participants were asked to imagine how the use of smart home technologies can look like in three different types of households:
An elderly person with dementia: An elderly person in need of care may be the future major consumer of smart home technology. Assistance robots could help with manual tasks and mobility. Socialization could happen through VR or communication screens. Sensors can provide safety and call for help when needed.
A family with children: Families with kids are typically interested in technology that can reduce everyday friction and help save costs. Robots that can help with housework will be especially important. Security will also be important: burglary notices and an overview of where the children are located.
Students in a co-living apartment: The student collective will be concerned with conflict-solving technology. For example, own door locks, distribution of tasks and measurement of effort, individually tailored electricity bills. Students and young people most often rent housing, and much of the technology will thus be managed by homeowners.
Risks for individuals and society
Several types of risks were identified, both for the households and society at large:
Older residents are particularly exposed to risks: They may be more susceptible to fraud, for instance with someone pretending to be working in medical care. Medical equipment can be exposed to both failure and sabotage, and for example result in incorrect medication.
In the children’s family unauthorized monitoring of children could be a concerned. Food in freezers and refrigerators can be destroyed due to technical failure or hacking. If a state actor wants to spy on a country’s citizens, this could conceivably be done via covert acquisitions of companies that manage products that collect a lot of information about users via sensors, sound and images.
In the co-living space for students, it can sometimes be difficult to keep track of who lives in the apartment and not, and unauthorized persons may gain access and tamper with the equipment. Vulnerabilities in smart home equipment that is used for many housing units at once could also lead to failure that affects many people. Also, students and tenants who do not own or manage the smart house equipment could be less active in installing updates and managing security.
The critical infrastructure could also be harmed if high powered products are hacked in order to overload the power grid.
Conceivable actors that cause unwanted events could be:
• State actors and foreign intelligence
• Hacker groups looking for financial gain
• The companies that offer the products
• Youth and hackers who test limits and tinker with technology for fun
• Technical failures
What can we do?
The participants had several proposals and ideas for how to create a safer future for smart homes:
• Responsibility: Making sure that manufacturers are held accountable for severe security flaws can give incentives to deliver products with better security
• Public sector: Smart house equipment in connection with health and care services should be connected to a centralized cloud service managed by the health services
• Standardized tests: A standardized and automatic safety test should be prepared for new equipment which should be mandatory before it is sold by retailers
• Certifications: Certification of smart home technology in the same way that electrical installations need to be certified
• Education: Guidance of private individuals and raising awareness in society. Safety training in schools. In particular, the health sector, nurses and home help will need good training in internet security
• Insurance: You should be able to insure yourself against unwanted incidents: If a product has approved safety (corresponding to the CE mark), any loss/damage should be covered by insurance
• Non-smart technology: No one must be forced to use technology they are uncomfortable using
• EU-regulation: EU-regulations will also be important for Norway, and many of them will affect security in smart home products. For instance:
o AI Act/AI liability directive
o Cyber Resilience Act
o The Nis 2 directive
o Product Safety Directive/GPSD
• Technical solutions:
o Edge computing: Data processing closer to the user, rather than in the cloud
o Privacy by design
o Increased use of “open source” equipment will make it easier for the public to discover bug
o Smart home hubs are used to control other devices, and need increased security, as they could constitute a “single point of failure”
o Internet providers can use artificial intelligence to detect unusual activity in the network
o Different types of equipment and functions should be graded according to how safety-critical they are: Important functions should be on their own and separate networks, or possibly get a separate “5G slice”