Friday Update: IoT Security in Congress, Industry... And Vegas

January 6, 2017

This week we have seen more contributions to the growing body of work on IoT.  The House Energy and Commerce Committee’s Internet of Things (IoT) Working Group released a White Paper detailing its activities.  Security has been a major topic this week at the Consumer Electronics Show (CES) in Las Vegas.  And a private working group, Online Trust Alliance (OTA), this week released an IoT Trust Framework and Resource Guide.  IoT will remain to a hot topic, and we expect agencies and Congress to continue to examine security implications.

Congress: IoT Working Group White Paper

A bi-partisan House IoT Working Group—co-chaired by Congressman Bob Latta (R-OH) and Congressman Peter Welch (D-VT)—held five off-the-record roundtables to discuss IoT matters with technology experts, stakeholders, and industry leaders.  The IoT Working Group discussed the benefits and challenges of IoT generally and as they relate to connected vehicles, cybersecurity and privacy, energy, and health.  Security and privacy challenges were common themes, as was the importance of pursuing a flexible regulatory approach.  According to the White Paper, some participants recommended that the government refrain from adopting “one-size-fits-all” mandates and emphasized the need for any regulation to be workable in an environment where IoT technology and threats are rapidly evolving.

The White Paper also summarizes IoT initiatives outside of Congress in the public and private sectors: The National Telecommunications and Information Administration (NTIA) is using the multistakeholder process to review IoT, including security and potential roles for government in fostering IoT advancement.  The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) have issued guidance on securing IoT devices and the broader ecosystem.  The Federal Trade Commission (FTC) released a report setting forth best practices.  The White Paper also discusses private efforts to develop voluntary standards and best practices.  The White Paper concludes by emphasizing the importance of continued collaboration between the federal government and private sector. 

CES: Focus on IoT and Security

            Several Wiley Rein attorneys are at CES in Vegas this week and have seen a major focus on IoT and security.  The incredible tech innovation and solutions on the show floor—from smart washing machines to home systems to connected cars and health solutions—show the imminent explosion of connectivity, with attendant consumer and regulatory interest in security.  For example, at panel discussion with FTC and FCC Commissioners yesterday, IoT was a hot topic with discussion of security expectations of consumers and debate over the proper role of government in fostering innovation.

OTA: IoT Trust Framework

OTA, in collaboration with non-governmental organizations (NGOs), trade organizations, security advocates, and other stakeholders, released version 2.0 of the IoT Trust Framework—a modernized framework setting forth baseline security and privacy enhancing principles for wearable technologies and connected home or office devices.  OTA designed the framework to guide device development and risk assessment by IoT device developers, purchasers, and retailers.  Its recommendations are based in part on the widely-accepted Fair Information Practice Principles (FIPPs) and guidance from industry organizations and federal agencies.  

Like the original Trust Framework released in March 2016, the revised framework organizes principles under four categories: security principles; user access and credentials; privacy, disclosures and transparency; and notifications and related best practices.  The new Trust Framework adds five new principles concerning efficient vulnerability remediation, device design, measures to guard against physical tampering, device accessibility, and user awareness.  The Trust Framework offers 37 strategic principles to secure IoT devices and their data. 

Looking Ahead

Policy makers and tech leaders are engaged, and will continue to discuss these issues.  For example, the Congresswoman Suzan DelBene and industry leaders will address 5G, wireless, and IoT next week in an event on the Hill on January 11th entitled Women of Wireless: A Discussion of 5G, IoT, and What’s Next in Mobile Innovation, hosted by the Women’s High Tech Coalition.  For more information, look here: http://womenshightech.org/upcoming-events/.

The IoT Working Group White Paper and OTA IoT Trust Framework are two more additions to the growing list of guidance for IoT.  As scrutiny of IoT continues, it will be important for stakeholders to engage the government and explain what they are doing to secure IoT.  Government and consumers will continue to expect privacy and security to be addressed as wireless technologies and networks evolve.   

Wiley Connect

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek