Friday Update: IoT Security in Congress, Industry... And Vegas
This week we have seen more contributions to the growing body of work on IoT. The House Energy and Commerce Committee’s Internet of Things (IoT) Working Group released a White Paper detailing its activities. Security has been a major topic this week at the Consumer Electronics Show (CES) in Las Vegas. And a private working group, Online Trust Alliance (OTA), this week released an IoT Trust Framework and Resource Guide. IoT will remain to a hot topic, and we expect agencies and Congress to continue to examine security implications.
Congress: IoT Working Group White Paper
A bi-partisan House IoT Working Group—co-chaired by Congressman Bob Latta (R-OH) and Congressman Peter Welch (D-VT)—held five off-the-record roundtables to discuss IoT matters with technology experts, stakeholders, and industry leaders. The IoT Working Group discussed the benefits and challenges of IoT generally and as they relate to connected vehicles, cybersecurity and privacy, energy, and health. Security and privacy challenges were common themes, as was the importance of pursuing a flexible regulatory approach. According to the White Paper, some participants recommended that the government refrain from adopting “one-size-fits-all” mandates and emphasized the need for any regulation to be workable in an environment where IoT technology and threats are rapidly evolving.
The White Paper also summarizes IoT initiatives outside of Congress in the public and private sectors: The National Telecommunications and Information Administration (NTIA) is using the multistakeholder process to review IoT, including security and potential roles for government in fostering IoT advancement. The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) have issued guidance on securing IoT devices and the broader ecosystem. The Federal Trade Commission (FTC) released a report setting forth best practices. The White Paper also discusses private efforts to develop voluntary standards and best practices. The White Paper concludes by emphasizing the importance of continued collaboration between the federal government and private sector.
CES: Focus on IoT and Security
Several Wiley Rein attorneys are at CES in Vegas this week and have seen a major focus on IoT and security. The incredible tech innovation and solutions on the show floor—from smart washing machines to home systems to connected cars and health solutions—show the imminent explosion of connectivity, with attendant consumer and regulatory interest in security. For example, at panel discussion with FTC and FCC Commissioners yesterday, IoT was a hot topic with discussion of security expectations of consumers and debate over the proper role of government in fostering innovation.
OTA: IoT Trust Framework
OTA, in collaboration with non-governmental organizations (NGOs), trade organizations, security advocates, and other stakeholders, released version 2.0 of the IoT Trust Framework—a modernized framework setting forth baseline security and privacy enhancing principles for wearable technologies and connected home or office devices. OTA designed the framework to guide device development and risk assessment by IoT device developers, purchasers, and retailers. Its recommendations are based in part on the widely-accepted Fair Information Practice Principles (FIPPs) and guidance from industry organizations and federal agencies.
Like the original Trust Framework released in March 2016, the revised framework organizes principles under four categories: security principles; user access and credentials; privacy, disclosures and transparency; and notifications and related best practices. The new Trust Framework adds five new principles concerning efficient vulnerability remediation, device design, measures to guard against physical tampering, device accessibility, and user awareness. The Trust Framework offers 37 strategic principles to secure IoT devices and their data.
Looking Ahead
Policy makers and tech leaders are engaged, and will continue to discuss these issues. For example, the Congresswoman Suzan DelBene and industry leaders will address 5G, wireless, and IoT next week in an event on the Hill on January 11th entitled Women of Wireless: A Discussion of 5G, IoT, and What’s Next in Mobile Innovation, hosted by the Women’s High Tech Coalition. For more information, look here: http://womenshightech.org/upcoming-events/.
The IoT Working Group White Paper and OTA IoT Trust Framework are two more additions to the growing list of guidance for IoT. As scrutiny of IoT continues, it will be important for stakeholders to engage the government and explain what they are doing to secure IoT. Government and consumers will continue to expect privacy and security to be addressed as wireless technologies and networks evolve.