Wouldn’t it be nice if you could trust that your device is secure, so that it isn’t leaking your private data, becoming a bot and attacking other users, or putting you at risk?
We think so too.
By using their buying power to influence the market, combined with forward-looking, smart policies and regulations, governments can help build an Internet of Things (IoT) we can trust. With over ten billion IoT devices, applications, and services already in use, and the number of connected devices forecasted to jump to over thirty-eight billion by 2020, ensuring that governments take the right actions now around IoT security is critical.
Governments have important choices to make now to help ensure that IoT consumers are secure, innovation can flourish, and we can all fully benefit from IoT.
We are pleased to release IoT Security for Policymakers, a discussion paper to help provide a solid foundation for policymakers and regulators as they address IoT security. In the paper, we highlight key issues and challenges of IoT security, along with guiding principles and recommendations. While many of IoT’s challenges are technical, some of the most pressing are social, economic, or legal. There are countless consumers with little knowledge or information about IoT security, which constrains consumer demand for well-secured products over ill-secured ones. In addition, good IoT security is slow and expensive for manufacturers to develop, leading many to make security an afterthought. In many cases, there is legal uncertainty around accountability for IoT security, making it difficult to assign responsibility or ensure compensation for harm. IoT also presents important privacy challenges, however, those will be addressed in a forthcoming paper focused on privacy and IoT.
While none of these security challenges can be addressed by governments alone, there are important steps that governments can and should take now to make a difference. Our paper identifies some guiding principles and key actions for policymakers to take to help solve these challenges. Some of these actions are regulatory, like strengthening accountability by clearly assigning liability in advance. Others rely on the strong buying power of governments. For example, changing procurement policies to emphasize security so that companies have greater incentives to produce IoT products and services with strong security features..
It is incumbent upon us all – policymakers, businesses, members of the technical community, and civil society – to ensure that IoT’s impact is a positive one by proactively tackling its challenges, while enabling its opportunities for all.
Please read and share our new paper, IoT Security for Policymakers, to learn about the challenges we face and how governments, policymakers, and regulators can make a difference. As the discussion paper continues to evolve, we welcome your comments at [email protected].