The Department of Energy Joins the Crowded Field Interested in IoT Cyber and Privacy Issues

Today, the Department of Energy (DOE) published a Request for Information (RFI) regarding smart technology, adding to the regulatory efforts swirling around IoT. 

DOE’s interest in smart technology—particularly smart appliances and commercial equipment—is three-fold:  (1) it is interested in better understanding the state of the market for smart products and equipment, (2) it is interested in the energy consumption implications of these products and equipment, and (3) it is interested in smart technology’s potential privacy and security risks.  While the RFI mainly asks questions that fall under the first two topics—for example, questions about “factors driving the market, including consumer demand” and “the impact, if any, of smart features on the energy efficiency or energy use of appliance or equipment models”—the RFI strays into questions of cybersecurity and privacy, as well.  Specifically, DOE’s RFI asks about “the cyber security risks associated with these technologies” and states that it “appreciates the importance of many of these consumer-driven technological developments, while remaining cautious of energy saving design options that may compromise public safety due to associated cyber security risks.”  In the RFI, DOE makes a clear that “[i]nformation received will assist [it] in understanding [smart technology] so as to avoid inhibiting it through its standards and test procedure development processes.”

With this RFI, DOE joins a number of other agencies that have launched efforts aimed at IoT cybersecurity and/or privacy issues.  For example, earlier this year, the Consumer Product Safety Commission began a process to analyze the physical safety risks of internet-connected devices.  As is the case with the other efforts, the DOE RFI, if it leads to regulatory action or oversight, could have significant impacts on the IoT market.

Comments in response to the RFI are due November 16, 2018.