Abstract
Emerging "in-body" monitoring, such as via ingestible devices, promises the future of personalised health, yet discussions of crime and security implications remain of low priority. Here, we develop and deploy the scenario building of the Delphi process and the prototyping of the hackathon through a hybrid hackathon Delphi framework that we have labelled "BAKE". The aim of BAKE is to capture insight from experts regarding the risks posed by these devices; and to produce evidence for the utility of the model as a mechanism to identify at an early stage of design/development, criminally-exploitable vulnerabilities in biotechnology (bio-electronic devices), especially medical products/services. Findings from four expert groups include the identification of four crime forms (e.g., corporate exploitation, data breaches). Five secure by design principles (e.g., end-to-end encryption) and four governance mechanisms (e.g., independent body) were recognised. Four stakeholders were identified (e.g., technical, advocates for equitable treatment). Results indicate that the inclusion of non-traditional experts and early career researchers within the hackathon model can allow the identification of highly challenging threats within the cyber-physical device system. We demonstrated that hosting a hackathon with an embedded Delphi process can instigate secure by design thinking earlier in the product development life cycle of any emerging technology.