{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T22:40:12Z","timestamp":1772750412337,"version":"3.50.1"},"reference-count":57,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2022,8,6]],"date-time":"2022-08-06T00:00:00Z","timestamp":1659744000000},"content-version":"vor","delay-in-days":217,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100000269","name":"Economic and Social Research Council","doi-asserted-by":"publisher","award":["ES\/V003666\/1"],"award-info":[{"award-number":["ES\/V003666\/1"]}],"id":[{"id":"10.13039\/501100000269","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,1,28]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips provide security functions such as authentication, secure execution and integrity validation on system start, and are increasingly deemed to have a role in devices across sectors, such as IoT devices, autonomous vehicle systems and critical infrastructure components. To understand the decisions and opinions regarding the adoption of secure hardware, we conducted 23 semi-structured interviews with senior decision-makers from companies spanning a range of sectors, sizes and supply-chain roles. Our results consider the business propositional drivers, barriers and economic factors that influence the adoption decisions. Understanding these would help those seeking to influence the adoption process, whether as a business decision, or as a trade or national strategy.<\/jats:p>","DOI":"10.1093\/cybsec\/tyac009","type":"journal-article","created":{"date-parts":[[2022,8,6]],"date-time":"2022-08-06T03:29:24Z","timestamp":1659756564000},"source":"Crossref","is-referenced-by-count":9,"title":["Drivers and barriers for secure hardware adoption across ecosystem stakeholders"],"prefix":"10.1093","volume":"8","author":[{"given":"Andrew","family":"Tomlinson","sequence":"first","affiliation":[{"name":"Department of Computing, University of Worcester, City Campus, Castle Street , Worcester, WR1 3AS, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6667-0440","authenticated-orcid":false,"given":"Simon","family":"Parkin","sequence":"additional","affiliation":[{"name":"Faculty of Technology, Policy and Management, TU Delft , Jaffalaan 5, 2628 BX, Delft, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0726-3319","authenticated-orcid":false,"given":"Siraj Ahmed","family":"Shaikh","sequence":"additional","affiliation":[{"name":"Systems Security Group (SSG), Department of Computer Science, The Computational Foundry, Swansea University Bay Campus , Fabian Way, Swansea, SA1 8EN, UK"},{"name":"Security, Risks Management and Conflict (SEGERICO) Research Group, Universidad Nebrija , C. de Sta. Cruz de Marcenado, 27, 28015 Madrid, Spain"}]}],"member":"286","published-online":{"date-parts":[[2022,8,5]]},"reference":[{"key":"2022121515104606300_bib1","doi-asserted-by":"crossref","first-page":"70528","DOI":"10.1109\/ACCESS.2018.2879615","article-title":"A review of low-end, middle-end, and high-end IoT devices","volume":"6","author":"Ojo","year":"2018","journal-title":"IEEE Access"},{"key":"2022121515104606300_bib2","doi-asserted-by":"crossref","first-page":"25594","DOI":"10.1109\/ACCESS.2021.3055650","article-title":"Systematic approach for state-of-the-art architectures and system-on-chip selection for heterogeneous IoT applications","volume":"9","author":"Krishnamoorthy","year":"2021","journal-title":"IEEE Access"},{"key":"2022121515104606300_bib3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3231053.3231074","article-title":"A study of current trends in the design of processors for the internet of things","volume-title":"Proceedings of the Second International Conference on Future Networks and Distributed Systems","author":"Banday","year":"2018"},{"key":"2022121515104606300_bib4","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1109\/EuroSPW.2019.00021","article-title":"A survey on developer-centred security","author":"Tahaei","year":"2019","journal-title":"Proceedings of the 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)"},{"key":"2022121515104606300_bib5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3390\/s20205729","article-title":"Hardware security of fog end-devices for the internet of things","volume":"20","author":"Butun","year":"2020","journal-title":"Sensors"},{"key":"2022121515104606300_bib6","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1145\/3447543","article-title":"Enclaves in the clouds","volume":"64","author":"Singh","year":"2021","journal-title":"Commun ACM"},{"key":"2022121515104606300_bib7","article-title":"The cyber security body of knowledge (CyBoK) 1.0","author":"Rashid","year":"2019"},{"key":"2022121515104606300_bib8","doi-asserted-by":"crossref","first-page":"807","DOI":"10.1016\/j.cose.2018.02.001","article-title":"Information security investments: an exploratory multiple case study on decision-making, evaluation and learning","volume":"77","author":"Weish\u00e4upl","year":"2018","journal-title":"Comput Secur"},{"key":"2022121515104606300_bib9","article-title":"The UK code of practice for consumer IoT security: \u2018where we are and what next\u2019","author":"Burton","year":"2021"},{"key":"2022121515104606300_bib10","doi-asserted-by":"crossref","first-page":"6","DOI":"10.22215\/timreview\/885","article-title":"Supply chain cyber-resilience: creating an agenda for future research","volume":"5","author":"Khan","year":"2015","journal-title":"Technol Innov Manag Rev"},{"key":"2022121515104606300_bib11","first-page":"285","article-title":"Hardware security in IoT era: the role of measurements and instrumentation","volume-title":"Proceedings of the 2019 IEEE International Workshop on Metrology for Industry 40 and IoT, MetroInd 40 and IoT 2019","author":"Tudosa"},{"key":"2022121515104606300_bib12","doi-asserted-by":"crossref","first-page":"819","DOI":"10.1109\/ICCAD.2013.6691207","article-title":"Hardware security: threat models and metrics","volume-title":"Proceedings of the 2013 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD)","author":"Rostami","year":"2013"},{"key":"2022121515104606300_bib13","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1145\/3424302.3431245","article-title":"The die is cast: hardware security is not assured","volume":"18","author":"Levine","year":"2020","journal-title":"Queue"},{"key":"2022121515104606300_bib14","article-title":"Global encryption trends study","author":"Ponemon Institute LLC","year":"2021"},{"key":"2022121515104606300_bib15","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1109\/MSEC.2020.2994827","article-title":"Is hardware more secure than software?","volume":"18","author":"Zhao","year":"2020","journal-title":"IEEE Secur Priv"},{"key":"2022121515104606300_bib16","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/3325284","article-title":"Inside risks through computer architecture, darkly","volume":"62","author":"Markettos","year":"2019","journal-title":"Commun ACM"},{"key":"2022121515104606300_bib17","doi-asserted-by":"crossref","first-page":"42","DOI":"10.3390\/jsan8030042","article-title":"Hardware security in IoT devices with emphasis on hardware trojans","volume":"8","author":"Sidhu","year":"2019","journal-title":"J Sens Actuat Netw"},{"key":"2022121515104606300_bib18","article-title":"Hardware is a cybersecurity risk. Here\u2019s what we need to know","author":"Levine","year":"2019"},{"key":"2022121515104606300_bib19","article-title":"Fostering economic resilience in a world of open and integrated markets: risks, vulnerabilities and areas for policy action","author":"Organisation for Economic Co-operation and Development (OECD)","year":"2021"},{"key":"2022121515104606300_bib20","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1145\/3411504.3421217","article-title":"A new doctrine for hardware security","author":"Hastings","year":"2020","journal-title":"Proceedings of the Fourth ACM Workshop on Attacks and Solutions in Hardware Security\u2013ASHES 2020"},{"key":"2022121515104606300_bib21","first-page":"973","article-title":"Meltdown: Reading kernel memory from user space. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp","year":"2018"},{"key":"2022121515104606300_bib22","article-title":"CFOs can prove the value of cybersecurity investments: here\u2019s how","author":"Potter","year":"2020"},{"key":"2022121515104606300_bib23","doi-asserted-by":"crossref","first-page":"413","DOI":"10.1016\/j.ijinfomgt.2008.02.002","article-title":"An economic modelling approach to information security risk management","volume":"28","author":"Bojanc","year":"2008","journal-title":"Int J Inf Manag"},{"key":"2022121515104606300_bib24","article-title":"Intel shares fall as investors worry about costs of chip flaw","author":"Finkle","year":"2018"},{"key":"2022121515104606300_bib25","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1109\/TDSC.2018.2883057","article-title":"Design and evaluation of a reconfigurable ECU architecture for secure and dependable automotive CPS","volume":"18","author":"Poudel","year":"2021","journal-title":"IEEE Trans Depend Secur Comput"},{"key":"2022121515104606300_bib26","doi-asserted-by":"crossref","first-page":"1010","DOI":"10.1109\/TCAD.2020.3047976","article-title":"An overview of hardware security and trust: threats, countermeasures, and design tools","volume":"40","author":"Hu","year":"2021","journal-title":"IEEE Trans Comput Aided Design Integr Circuit Syst"},{"key":"2022121515104606300_bib27","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1109\/EuroSPW.2018.00026","article-title":"Trusted platform modules in cyber-physical systems: on the interference between security and dependability","volume-title":"Proceedings of the 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","author":"Hoeller","year":"2018"},{"key":"2022121515104606300_bib28","article-title":"Trusted execution environments (TEEs) in connected cars","author":"Hsu","year":"2019"},{"key":"2022121515104606300_bib29","article-title":"Think the hardware in your car is secure? You might be surprised at our findings..","author":"Jester","year":"2020"},{"key":"2022121515104606300_bib30","article-title":"New and old challenges for trusted and assured microelectronics","author":"Fazzari","year":"2019"},{"key":"2022121515104606300_bib31","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1007\/978-3-319-93100-5_20","article-title":"Hardware security and trust: logic locking as a design-for-trust solution","volume-title":"The IoT Physical Layer","author":"Yasin","year":"2019"},{"key":"2022121515104606300_bib32","first-page":"1","article-title":"Security and trust \u2013 new challenges to computing today in cyberspace","volume-title":"Proceedings of the 2014 Seventh International Conference on Contemporary Computing, IC3 2014 Institute of Electrical and Electronics Engineers Inc.","author":"Ramesh","year":"2014"},{"key":"2022121515104606300_bib33","first-page":"24","article-title":"Hardware security-present and future trends","volume-title":"Proceedings of the ACM International Conference Proceeding Series Association for Computing Machinery","author":"Rekha","year":"2019"},{"key":"2022121515104606300_bib34","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3340557","article-title":"Recent attacks and defenses on FPGA-based systems","volume":"12","author":"Zhang","year":"2019","journal-title":"ACM Trans Reconfig Technol Syst"},{"key":"2022121515104606300_bib35","volume-title":"How the world ran out of semiconductors","author":"Mudassir","year":"2021"},{"key":"2022121515104606300_bib36","first-page":"457","article-title":"The CHERI capability model: revisiting RISC in an age of risk","author":"Woodruff","year":"2014","journal-title":"Proceedings of the Forty-First Annual International Symposium on Computer Architecuture ISCA \u201914"},{"key":"2022121515104606300_bib37","volume-title":"DSbD CHERI and Morello Capability Essential IP (Version 1)","author":"Watson","year":"2020"},{"key":"2022121515104606300_bib38","volume-title":"Semiconductor Manufacturing Handbook","author":"Geng","year":"2018"},{"key":"2022121515104606300_bib39","doi-asserted-by":"crossref","DOI":"10.1007\/s38314-021-0585-z","volume-title":"Bravely Marching in the Wrong Direction","author":"Unseld","year":"2021"},{"key":"2022121515104606300_bib40","doi-asserted-by":"crossref","DOI":"10.4271\/R-199","volume-title":"Automotive Engineering Fundamentals","author":"Stone","year":"2004"},{"key":"2022121515104606300_bib41","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1145\/2602087.2602091","article-title":"Coordinating security and safety engineering processes in automotive electronics development","author":"Robinson-Mallett","year":"2014","journal-title":"Proceedings of the Ninth Annual Cyber and Information Security Research Conference CISR \u201914"},{"key":"2022121515104606300_bib42","first-page":"21","article-title":"Towards robust experimental design for user studies in security and privacy","volume-title":"Proceedings of the\u00a0 {LASER} Workshop: Learning from Authoritative Security Experiment Results ({LASER} 2016)","author":"Krol","year":"2016"},{"key":"2022121515104606300_bib43","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1109\/MITP.2021.3105248","article-title":"Scarcity and global insecurity: the semiconductor shortage","volume":"23","author":"Voas","year":"2021","journal-title":"IT Profess"},{"key":"2022121515104606300_bib44","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511814570.003","volume-title":"Questionnaires, In-Depth Interviews and Focus Groups","author":"Adams","year":"2008"},{"key":"2022121515104606300_bib45","first-page":"1","article-title":"One size fits all? What counts as quality practice in (reflexive) thematic analysis?","volume":"18","author":"Braun","year":"2020","journal-title":"Qualit Res Psychol"},{"key":"2022121515104606300_bib46","article-title":"Remote exploitation of an unaltered passenger vehicle","author":"Miller","year":"2015"},{"key":"2022121515104606300_bib47","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3471930","article-title":"The case for adaptive security interventions","volume":"31","author":"Rauf","year":"2021","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"2022121515104606300_bib48","doi-asserted-by":"crossref","DOI":"10.1109\/SecDev51306.2021.00023","article-title":"Developers are neither enemies nor users: they are collaborators","volume-title":"Proceedings of the IEEE Secure Development Conference 2021","author":"Chowdhury","year":"2021"},{"key":"2022121515104606300_bib49","first-page":"57","article-title":"Management of information security: challenges and research directions","volume":"20","author":"Choobineh","year":"2007","journal-title":"Commun Assoc Inf Syst"},{"key":"2022121515104606300_bib50","first-page":"32","article-title":"Identifying how firms manage cybersecurity investment","author":"Moore","year":"2016","journal-title":"Proceedings of the 2016 Workshop on the Economics of Information Security (WEIS 2016)"},{"key":"2022121515104606300_bib51","article-title":"Measuring the changing cost of cybercrime","author":"Anderson","year":"2019","journal-title":"Proceedings of the 2019 Workshop on the Economics of Information Security (WEIS 2019)"},{"key":"2022121515104606300_bib52","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-642-39498-0_1","article-title":"A closer look at information security costs","volume-title":"The Economics of Information Security and Privacy","author":"Brecht","year":"2013"},{"key":"2022121515104606300_bib53","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1145\/3171533.3171539","article-title":"Developer-centered security and the symmetry of ignorance","volume-title":"Proceedings of the 2017 New Security Paradigms Workshop","author":"Pieczul","year":"2017"},{"key":"2022121515104606300_bib54","doi-asserted-by":"crossref","first-page":"706","DOI":"10.1016\/j.telpol.2009.09.001","article-title":"Cybersecurity: stakeholder incentives, externalities, and policy options","volume":"33","author":"Bauer","year":"2009","journal-title":"Telecommun Pol"},{"key":"2022121515104606300_bib55","article-title":"Code of Practice for Consumer IoT Security","author":"UK Department for Digital, Culture, Media & Sport (DCMS)","year":"2018"},{"key":"2022121515104606300_bib56","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.IR.8267-draft","article-title":"Security review of consumer home Internet of Things (IoT) products","author":"Fagan","year":"2019"},{"key":"2022121515104606300_bib57","article-title":"Scenario-driven assessment of cyber risk perception at the security executive level","author":"Parkin","year":"2021","journal-title":"Proceeedings of the The Workshop on Usable Security and Privacy (USEC) \u201921"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/8\/1\/tyac009\/47918667\/tyac009.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/8\/1\/tyac009\/47918667\/tyac009.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,15]],"date-time":"2022-12-15T23:09:07Z","timestamp":1671145747000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyac009\/6656148"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,1]]},"references-count":57,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1,28]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyac009","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2022,1,1]]},"published":{"date-parts":[[2022,1,1]]},"article-number":"tyac009"}}