Commerce Dep’t Releases Long-Awaited Green Paper on the Advancement of IoT
The U.S. Government has a record of promoting technology and innovation, and the U.S. Department of Commerce (Department) expects to build on that foundation in its approach to the Internet of Things (IoT). Following a review of public comments, meetings with stakeholders, and a public workshop, the Department released today its long-awaited green paper on “Fostering the Advancement of the Internet of Things.” It comes amidst multiple other IoT-related efforts, at the National Institute of Standards and Technology (NIST), the Federal Communications Commission (FCC), the General Services Administration (GSA), and the U.S. Department of Homeland Security (DHS), to name a few.
As expected, the green paper identifies key issues affecting IoT deployment, highlights potential benefits and challenges, and outlines possible roles for the federal government. The bottom line, according to the Department, is that while specific policies may need to be developed for certain vertical segments, the challenges and opportunities presented by IoT will require a reaffirmation—not a re-evaluation—of the U.S. government’s policy approach.
Below, we highlight key aspects of the green paper that clients should consider. The 65-page paper indicates that the Department plans to work on IoT matters, with both ongoing and new activities, across a range of contexts. The green paper lays out an approach for government action organized around four engagement areas: enabling infrastructure and access; crafting balanced policy and building coalitions; promoting standards and technology advancement; and encouraging markets. This approach also proposes engagement on issues that cut across these four areas, such as privacy, cybersecurity, and cross-border data flows, among others.
Enabling Infrastructure Availability and Access. The green paper recognizes concerns regarding availability of spectrum to support 5G wireless technologies and difficulties in siting of wireless towers and antennas or gaining access to necessary poles, conduits, and rights-of-way. According to the Department, meeting these demands will require continued modernization of legacy infrastructure and buildout of additional broadband capable networks. Current initiatives include ongoing research into interaction effects among new IoT-related spectrum use and incumbent spectrum users; championing IPv6 adoption; and assisting communities to become smart cities. Given activity in all levels of government concerning infrastructure and communications access, this issue is ripe for further development.Crafting Balanced Policy and Building Coalitions. According to the green paper, “the risk of premature and excessive regulation is notable given the size of the potential economic benefits to U.S. producers and consumers.” The Department agrees that several discrete policy areas will require engagement by stakeholders.
- Cybersecurity. The Department will continue to bring private sector experts together with policymakers to define security principles for IoT, facilitate IoT security framework development by sector and application, and encourage the implementation of best practices and/or minimum standards. NTIA already is convening a cybersecurity-focused multi-stakeholder process to address IoT upgradeability and patching. The Department further intends to proactively support cybersecurity policy that encourages risk-based approaches, security by design, and the ability to patch insecure software and devices. This includes promoting the use of strong encryption in IoT services and products.
- Privacy. Commenters were divided on whether IoT presents novel privacy challenges and on the appropriate response to those challenges. The Department continues to support baseline privacy legislation that would include IoT services as well as an engineering approach to privacy.
- Cross-border data flows. Some governments have created policies that limit cross-border data flows, and such policies could negatively affect the growth of certain IoT sectors. The Department has made it a top priority to work with international partners to ensure that information and data continue to flow freely and the Internet remains open and global.
Promoting Standards and Technology Advancement. It is the Department’s position that standards development should be led by the private sector with appropriate government participation. The Department anticipates actively participating in, and contributing to, the development of technical standards for IoT. The green paper particularly references the Cyber-Physical Systems Public Working Group, which has prepared a Cyber-Physical Systems Framework.
Encouraging Markets. The green paper suggests that the government can play an important role in fostering the development of IoT through government application, procurement, and international engagements. Specifically, the Department suggests that it can encourage the growth of IoT markets by being a leading consumer and adopter of IoT; helping to address workforce issues; and helping to better understand, plan for, and respond to IoT through quantification and measurement. The Department plans to take steps to inform and influence government practices (including purchasing) in the use of IoT.
The green paper is comprehensive and emphasizes interagency collaboration given the complex, interdisciplinary, and cross-sector nature of IoT. However, it is important to be aware of parallel efforts on many of the issues targeted in the green paper. While a federal coordination structure for these issues would be helpful—particularly when working with private sector partners—so far it appears that such coordination will be a challenge:
- Many commenters, for example, referenced NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which currently is being revised by NIST.
- The FCC is examining infrastructure availability and access, and has sought comment on wireless siting issues, among others. The FCC also has initiated a proceeding on wireless network and device security, including for IoT.
- The GSA and others continue to examine opportunities for federal adoption of IoT technologies, including, for example, through efforts to improve federal mobility programs.
- DHS is also engaged in IoT issues, and is expected to play a leading role in cybersecurity.
- Many commenters appropriately reference ongoing work at the International Telecommunication Union’s Standardization Sector, which we previously described here and here.
Following release of the green paper, the private sector has an opportunity to shape public debate and advise the new administration on opportunities to encourage innovation and investment. The Department has announced an additional request for comment on the green paper, its proposed approach for Departmental action, and next steps. The request for comment is currently under public inspection and will be published in the Federal Register.