The U.S. government seems to have its eye on the Internet of Things, as another report on the role of IoT regulation was just issued.
The report by the FCC addresses cybersecurity, including the Internet of Things as a driving force and the need for regulatory bodies to step in.
Specifically, the more than 50-page document proposes that there is a gap between the consumer expectation of IoT device security and the security that is actually built into those devices by the brands making them.
“The large and diverse number of IoT vendors, who are driven by competition to keep prices low, hinders coordinated efforts to build security by design into the IoT on a voluntary basis,” the report says. “Left unchecked, the growing IoT widens the gap between the ideal investment from the commercial point of view and from society’s view.”
As a result, the FCC is closely monitoring the market, as other parts of the government have already begun doing to create the various sets of recently-released standards and guidelines.
For example, the Department of Homeland Security (DHS) recently developed a set of guiding principles to secure the Internet of Things, as the IoT Daily reported (U.S. Issues Guidelines For IoT Security).
“The growing dependency on network-connected technologies is outpacing the means to secure them,” Jeh Johnson, secretary of Homeland Security said at the time. “Securing the Internet of Things has become a matter of homeland security.”
The principles include enabling security by default in IoT devices by using unique usernames and passwords and advancing security updates and vulnerability management, among others.
Another set of IoT security guidelines was developed for consumer IoT devices by the Broadband Internet Technical Advisory (BITAG), as the IoT Daily reported (Internet Industry Group Issues IoT Security Guidelines).
Using already established software security best-practices and building security into IoT devices from the beginning are some of the recommendations seen in the DHS and BITAG guidelines, both of which are referenced in the FCC report.
The Department of Commerce also recently developed a set of principles to guide its own initiatives, including a plan to be a leading IoT consumer, as the IoT Daily recently reported (Commerce Dept. Sets Guiding Principles For Internet Of Things).
Although those principles seem to be internally-facing, the Department of Commerce appears to be focused on the growth of the Internet of Things in general.
Internet of Things promises to revolutionize our world from increasing efficiency and convenience for industry, consumers, and government to improving safety,” Penny Pritzker, secretary of the
U.S. Department of Commerce, said at the time.
“Today’s report affirms the department’s commitment to creating the conditions for emerging technologies to thrive, and it identifies future actions necessary to support the evolution and expansion of the IoT,” Pritzker said.
However, some government agencies have a targeted approach, rather than creating guidelines or regulations for the Internet of Things as a whole.
For example, the FTC is focusing on in-home IoT device security with a recently launched $25,000 challenge for consumers, as the IoT Daily reported (FTC Challenge: $25,000 To Create IoT Security Solution).
The IoT Home Inspector Challenge is tapping consumers to develop a technical solution for the security risks created by IoT devices with outdated software in their homes. The goal is to develop a technical solution that can identify which devices in a consumer’s home need a software update and, if needed, help facilitate the updates.
If the FCC determines that the risks identified within the Internet of Things won’t be naturally addressed by the market adequately, it plans to take action.
Such action could include updating the FCC’s equipment certification process to protect networks from security risks in IoT devices or create a task force to assess the risk to critical infrastructure, which would lead to potential new laws, according to the FCC.