- NTIA Announces Multistakeholder Workshop on IoT Security Patching
- September 22, 2016 | Authors: Nathan A. Cardon; Tracy P. Marshall; Sheila A. Millar
- Law Firm: Keller and Heckman LLP - Washington Office
The National Telecommunications and Information Administration (NTIA) has announced it is convening a series of multistakeholder meetings concerning Internet of Things (IoT) Security Upgradability and Patching. The initial meeting will be held in Austin, Texas, on October 19, 2016. An associated Federal Register notice (expected to be published September 19, 2016) describes the short-term goal of this new multistakeholder process as to "develop a broad, shared definition or set of definitions around security upgradability for consumer IoT, as well as strategies for communicating the security of IoT devices to consumers."
This workshop is an outgrowth of two earlier NTIA initiatives. The first is its March 2015 request for comment to "identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers." The second is NTIA's April 2016 request for comment on the benefits, challenges, and potential roles for the government in fostering the advancement of the IoT. Many comments in response to the April request did raise the issue of security.
NTIA notes that, to realize the full potential of IoT,users need reasonable assurance that connected devices, embedded systems, and their applications will be secure. In so noting, NTIA describes the ultimate goal of this multistakeholder initiative as fostering a market that offers more devices and more systems that support security upgrades. This will be accomplished, in part, through increased consumer awareness and understanding. Given the enormous complexity of the IoT environment, this first workshop is expected to focus on the scope and organization of the work.
With the Federal Trade Commission's (FTC) enforcement agenda focusing on security vulnerabilities and expectations for business practices, and the explosive growth of IoT devices in the marketplace, both security and privacy implications of their use are expected to remain important topics for policy development and for enforcement.