A Framework for an IoT Future
September 22, 2017
Connected phones, connected cars, connected thermostats. In the near future, many of the everyday things we use will connect to the Internet. This will make our lives easier. Your car will know if someone is in your blindspot; your pacemaker will send data to your doctor; and you can monitor your front door from the other side of the world.
Recent cyberattacks have raised questions about the security of the IoT. These attacks pose a threat to the privacy and security of public and private institutions and consumers. They may lead to calls for regulation. But before the government steps in, it should carefully consider its approach and engage with stakeholders. Top-down, one-size-fits-all regulations are incompatible with rapid technological innovation. Collaboration between government and industry is key to ensuring that government promotes security while not burdening a burgeoning industry.
This week, Wiley Rein and the U.S. Chamber of Commerce released a report – The IoT Revolution and Our Digital Security – that offers recommendations for policymakers and industry experts to collaborate in reducing barriers to innovation and co-creating global frameworks to improve IoT security and resilience. The report offers ten key principles that should guide IoT security policy:
- When it comes to security, attempts to regulate today will become outdated tomorrow. Flexible approaches to collaboration and cooperation to combat shared threats have significant advantages over national regulation which serves to fragment the global economy and lags behind technological innovation.
- Any approach to IoT security should be data-driven, based on empirical evidence of a specific harm, and be adaptable both over time and cross-border.
- Security demands should never be used as industrial policy to advance protectionism or favor national economic interests.
- National boundaries need not become arbitrary obstacles to the movement of devices or data, or to the offering of IoT-related services.
- The development of global standards is the best way to promote common approaches and technology solutions. Such standards should be open, transparent, and technology-neutral.
- Any government IoT strategy should promote technical compatibility and interoperability to the maximum extent possible.
- Everybody is vulnerable, so cyber threats must be met with global information sharing and collaboration to improve and safeguard the IoT ecosystem.
- End users need to be educated about their roles and responsibilities in this digital age.
- Manufacturers and vendors should be encouraged to routinely evaluate and improve endpoint security.
- The international community must collectively condemn criminal activities that infect and exploit the openness and connectivity of the internet and our digital future. Governments must work together to shut down illegal activities and bring bad actors to justice.
The IoT can create jobs, expand economies, and improve lives. It also presents an incredible opportunity for the government and private sector to work together to facilitate technological innovation while improving security. The framework offered in this report can help guide those discussions and ensure a secure IoT future.