IoT: The Government Ostrich Effect?
On October 20th, four ranking members on the Senate Commerce Committee, Sens. Deb Fischer (R-Neb.), Cory Booker (D-N.J.), Kelly Ayotte (R-N.H.) and Brian Schatz (D-Hawaii), wrote a letter to Chairman Jay Rockefeller (D-W.Va.) emphasizing the need for an Internet of Things (IoT) hearing before the end of 2014.
The letter states, “The introduction of these innovative consumer products present a wide range of cutting-edge policy issues impacting a broad set of businesses and industry sectors.”
While the content of this letter is true, the government has earned its reputation for being slow to put cybersecurity policies in place – and when it does, the policies are often already outdated. For example, in 2013, the U.S. National Institute of Standards and Technology updated the federal cybersecurity standards for the first time since 2005. If it took them eight years to figure out that Wi-Fi should be regulated, then they are way in over their heads when it comes to the security challenges that will result from the proliferation of the IoT.
A year ago, the Federal Trade Commission held a workshop on the IoT entitled, “Internet of Things: Privacy & Security in a Connected World.” During this session, Chairwoman Edith Ramirez noted that IoT devices facilitate the collection of user data, which not only invades the privacy of the users – but also puts them at risk for exploitation. I hope she bought a lottery ticket.
This workshop was over a YEAR ago. Before Snapchat was hacked, before the celebrity photo leaks, even before the Target data breach, the government was aware of the security risks that result from an increasingly connected world.
I commend the four lawmakers who laid out the need for a general oversight and information-gathering session on the IoT, as it is severely overdue. IoT developers are rushing to make every appliance “smart” without having to comply with IoT standards or regulations to protect the consumer and American corporations from threats that many would classify as national security risks.
The security threats are not going to wait for the government to understand the depths of the IoT – it is already here, and the challenges will only get more complicated as the number of devices grows.
And it is fair to say that a complete cybersecurity disaster that derives from a coordinated attack on some type of IoT device is inevitable. Think about an attack on big business, for example, and how it could result in employee exploitation and confidential information leaking into the hands of foreign spies or terrorists.
It is necessary for the government to at least debate what responsibility it has in regulating the IoT. But that’s a conversation for another day.
In the meantime, as the gift-giving season is quickly approaching, there will certainly be a surge in IoT devices as connected wearables and appliances are exchanged. It will be interesting to see if the holiday rush adds urgency to the Senate or if the IoT will fall victim to the lame-duck Congress. My money is on the latter.