NTIA Summarizes Stakeholder Comments on IoT Security & Automated Threats

On September 18, the National Telecommunications and Information Administration (NTIA) released a report on Internet of Things (IoT) security, botnets, DDoS attacks, and other cyber threats. The Report of Responses to NTIA’s Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats documents the overall themes of responses from 47 commenters. The full report can be found here.

A Framework for an IoT Future

Connected phones, connected cars, connected thermostats. In the near future, many of the everyday things we use will connect to the Internet. This will make our lives easier. Your car will know if someone is in your blind spot; your pacemaker will send data to your doctor; and you can monitor your front door from the other side of the world.

Federal Court Preempts Local Regulation of UAS

Today, a federal district court in Massachusetts held that attempts by Newton, Massachusetts to impose local restrictions on the operations of unmanned aerial vehicles (or “drones”) were preempted by federal law. In its order, the court cited with approval an amicus brief filed jointly by the Consumer Technology Association and AUVSI, which Wiley Rein helped prepare. The decision, in Singer v. Newton, is available here.

The Literal Impact of UAVs: New Study Explores Risks of Injury from Drone Strikes

New research published by Virginia Tech (VT) aims to shed some light on the risks posed by collisions between UAS and people. The research, billed as the first peer-reviewed academic study of its kind, was conducted by the VT injury biomechanics team in cooperation with the VT UAS test site, and has been published in the Annals of Biomedical Engineering.

NIST’s New Draft SP 800-53: Broad Scope, Significant IoT Impact, and Short Comment Window

NIST has released Special Publication 800-53 Revision 5:  Draft Security and Privacy Controls for Federal Information Systems and Organizations.  This document purports to offer a “comprehensive set of safeguarding measures for all types of computing platforms.”  Importantly, NIST has specifically highlighted that Internet of Things (“IoT”) devices are covered under this document.

Multistakeholders Adopt Voluntary Guidance on Communicating IoT Device Upgradability to Consumers

Stakeholders – collaborating as part of a National Telecommunications and Information Administration (NTIA)-convened multistakeholder process on Internet of Things (IoT) security upgradability and patching – reached consensus on voluntary guidance intended to assist manufacturers who decide to communicate IoT device update capability to consumers.  The ability for connected devices to receive security upgrades is critically important for mitigating vulnerabilities after devices have found their way into the hands of consumers.

New DoD Guidance Gives Military Green Light for Counter-UAS Measures

The Department of Defense (“DoD”) has released guidelines on the measures available to the military to eliminate threats posed by unmanned aircraft systems (“UAS”) found operating above and around military installations in the United States.  The agency announced yesterday that it provided a classified guidance to the services and installations last month on UAS countermeasures, and on Friday issued another guidance which specifies how UAS restrictions should be communicated to the communities surrounding military installations.

Draft IoT Legislation Increases Obligations on Contractors and Promotes Vulnerability Disclosure

The Internet of Things (IoT) Cybersecurity Improvement Act of 2017, introduced August 1, 2017, by Sens. Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR) and Steve Daines (R-MT), seeks to improve the security of ‘Internet of Things’ (IoT) devices by establishing requirements for IoT devices procured by the federal government. Several third parties contributed to it, including think tanks and security vendors. It does not appear that the private-sector suppliers of IoT devices or network operators were involved in the drafting.

GAO Reports Demonstrate Wisdom of A Coordinated U.S. IoT Strategy

The Internet of Things (IoT) is key to the digital future.  Policymakers in the U.S. and abroad are studying and in some cases regulating it, based on concerns about security, privacy, and interoperability.  The U.S. faces a few fundamental questions:  How do we responsibly deploy IoT for the benefit of citizens and businesses? Should it be regulated and if so under what conditions?  How can we preserve open international markets for what is—at bottom—inherently global and interconnected?

Broad Reach of COPPA Extends to IoT

This month, the Federal Trade Commission (FTC) updated its Children’s Online Privacy Protection Act (COPPA) Rule Compliance Guide in its ongoing effort to ensure that COPPA reflects changes in technology, including the Internet of Things (IoT).  Although the FTC’s update confirms that COPPA applies to IoT devices, it does not provide meaningful guidance to operators regarding how to effectively implement the COPPA requirements in the unique IoT context.   

NTIA Seeks Comment on Mitigating Botnet Threats

The National Telecommunications and Information Administration (NTIA) issued a Request for Comment (RFC) on promoting stakeholder action against botnets and other automated threats.  NTIA initiated this review pursuant to President Trump’s Executive Order on cybersecurity (summarized here), which directs the Secretaries of Commerce and Homeland Security to jointly identify and promote stakeholder action to mitigate threats perpetrated by automated and distributed attacks.  

“Flying Cars” Aren’t Cars. (And They Might Not Fly)

Since the premiere of The Jetsons in 1962, we’ve all wondered when we can expect to see futuristic flying cars in real life—pod-shaped vehicles that can float above traffic and safely deliver us to work and school.  Momentum for the idea of flying cars has been building lately, leading industry watchers to speculate whether the future is now.  

FAA’s Model Aircraft Registration Rule Doesn’t Fly with the D.C. Circuit

On May 19, 2017, the United States Court of Appeals for the D.C. Circuit announced its decision in Taylor v. Huerta, vacating the FAA’s 2015 Registration Rule as applied to model aircraft. That rule requires owners of small unmanned aircraft, including model aircraft, to register with the FAA. The court held that the plain language of Section 336 of the FAA Modernization and Reform Act of 2012 (FMRA) bars the FAA from promulgating any rule or regulation regarding model aircraft, and that this prohibits the agency from applying the Registration Rule to model aircraft owners.

Cybersecurity Framework Updates Coming, Including on the Internet of Things

NIST held a public workshop on Tuesday and Wednesday in Gaithersburg, Maryland to discuss proposed updates to its highly lauded Cybersecurity Framework for Critical Infrastructure (CSF), which was released in 2014. CSF Draft Version 1.1 was released on January 10, 2017, and NIST has taken public comment. A summary by NIST of the comments received is available here.