Embedded connected computers are installed in homes in increasing numbers in the form of consumer IoT devices. These devices are often insufficiently protected against cyberattacks. In this research report, we propose several security requirements for consumer IoT devices. These requirements are suitable for enforcement through legislation and will significantly improve consumer IoT cybersecurity when implemented.This research report, commissioned by the Dutch Radiocommunications Agency, describes a threat model and significant security problems, derived from literature research. These assisted in evaluating more than 400 security measures, after which the top measures were summarised into eight essential security requirements. These requirements are easy to implement, easy to test, unambiguous, and greatly improve the cybersecurity of the products. We recommend standardisation agencies to make these requirements mandatory for all consumer IoT devices.
MULTIFILE
Background: A pragmatic, stepped wedge trial design can be an appealing design to evaluate complex interventions in real-life settings. However, there are certain pitfalls that need to be considered. This paper reports on the experiences and lessons learned from the conduct of a cluster randomized, stepped wedge trial evaluating the effect of the Hospital Elder Life Program (HELP) in a Dutch hospital setting to prevent older patients from developing delirium. Methods: We evaluated our trial which was conducted in eight departments in two hospitals in hospitalized patients aged 70 years or older who were at risk for delirium by reflecting on the assumptions that we had and on what we intended to accomplish when we started, as compared to what we actually realized in the different phases of our study. Lessons learned on the design, the timeline, the enrollment of eligible patients and the use of routinely collected data are provided accompanied by recommendations to address challenges. Results: The start of the trial was delayed which caused subsequent time schedule problems. The requirement for individual informed consent for a quality improvement project made the inclusion more prone to selection bias. Most units experienced major difficulties in including patients, leading to excluding two of the eight units from participation. This resulted in failing to include a similar number of patients in the control condition versus the intervention condition. Data on outcomes routinely collected in the electronic patient records were not accessible during the study, and appeared to be often missing during analyses. Conclusions: The stepped wedge, cluster randomized trial poses specific risks in the design and execution of research in real-life settings of which researchers should be aware to prevent negative consequences impacting the validity of their results. Valid conclusions on the effectiveness of the HELP in the Dutch hospital setting are hampered by the limited quantity and quality of routine clinical data in our pragmatic trial. Executing a stepped wedge design in a daily practice setting using routinely collected data requires specific attention to ethical review, flexibility, a spacious time schedule, the availability of substantial capacity in the research team and early checks on the data availability and quality.
