Elgabry, Mariam;
Nesbeth, Darren;
Ekblom, Paul;
Johnson, Shane;
(2025)
BAKE: a novel framework for iterative security design for identifying criminally-exploitable vulnerabilities in biotechnology products.
Crime Science
, 14
, Article 16. 10.1186/s40163-025-00256-8.
Preview |
Text
Elgabry 25.pdf - Published Version Download (2MB) | Preview |
Abstract
Emerging "in-body" monitoring, such as via ingestible devices, promises the future of personalised health, yet discussions of crime and security implications remain of low priority. Here, we develop and deploy the scenario building of the Delphi process and the prototyping of the hackathon through a hybrid hackathon Delphi framework that we have labelled "BAKE". The aim of BAKE is to capture insight from experts regarding the risks posed by these devices; and to produce evidence for the utility of the model as a mechanism to identify at an early stage of design/development, criminally-exploitable vulnerabilities in biotechnology (bio-electronic devices), especially medical products/services. Findings from four expert groups include the identification of four crime forms (e.g., corporate exploitation, data breaches). Five secure by design principles (e.g., end-to-end encryption) and four governance mechanisms (e.g., independent body) were recognised. Four stakeholders were identified (e.g., technical, advocates for equitable treatment). Results indicate that the inclusion of non-traditional experts and early career researchers within the hackathon model can allow the identification of highly challenging threats within the cyber-physical device system. We demonstrated that hosting a hackathon with an embedded Delphi process can instigate secure by design thinking earlier in the product development life cycle of any emerging technology.
| Type: | Article |
|---|---|
| Title: | BAKE: a novel framework for iterative security design for identifying criminally-exploitable vulnerabilities in biotechnology products |
| Location: | Germany |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1186/s40163-025-00256-8 |
| Publisher version: | https://doi.org/10.1186/s40163-025-00256-8 |
| Language: | English |
| Additional information: | This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/. |
| Keywords: | Delphi, Design, Framework, Governance, Hackathon, Medical device, Policy, Secure |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Biochemical Engineering UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10215287 |
Archive Staff Only
 |
View Item |
