The U.S. Chamber of Commerce (USCC) released a new report titled “The IoT Revolution and Our Digital Security.” The report provides recommendations to guide policymakers and industry experts as they collaborate to reduce barriers to innovation and establish global frameworks to improve security and resilience in the Internet of Things (IoT). The report was released in conjunction with a business delegation led by the U.S. Chamber to Brussels, Paris, and London to discuss transatlantic cybersecurity efforts.
“The rapid growth in the number of internet-connected devices presents a significant increase in the attack surface and methods for malicious actors,” said Ann Beauchesne, senior vice president for National Security and Emergency Preparedness at the U.S. Chamber. “Recent high-profile cyberattacks underscore the importance for public-private collaboration to create policies that enhance privacy, security, and trust in the IoT.”
“Given the complex and ever-changing cyber threat landscape, traditional regulatory responses are inadequate to keep pace with the evolution of the IoT,” said Sean Heather, vice president of the U.S. Chamber’s Center for Global Regulatory Cooperation (GRC). “Meanwhile, national policy differences threaten to create obstacles that serve as market barriers to the deployment of connected goods and services and threaten to undermine the potential of the IoT. To avoid these barriers, governments should support the development of international standards which adhere to global best practices and ensure an internationally coordinated approach.”
The new report, written in partnership with law firm Wiley Rein, studies emerging IoT use cases and the complexity of the entire ecosystem. Because the IoT market is still developing, the report urges national IoT strategies to be developed based on thoughtful study and stakeholder input.
“The IoT raises important global regulatory and liability issues that, if overlooked, could harm this emerging market,” said Megan Brown, partner at Wiley Rein LLP and lead author of the report. Brown is a member of Wiley Rein’s Telecom, Media & Technology and Privacy & Cybersecurity practices. “Because the IoT is incredibly complex, there is no one-size-fits-all solution to cybersecurity, and innovation can be stifled by premature regulations or efforts that divide markets. We applaud the U.S. Chamber’s efforts to educate all stakeholders with this report.”
The report recommends 10 principles for IoT security:
- When it comes to security, attempts to regulate today will become outdated tomorrow. Flexible approaches to collaboration and cooperation to combat shared threats have significant advantages over national regulation which serves to fragment the global economy and lags behind technological innovation.
- Any approach to IoT security should be data-driven, based on empirical evidence of a specific harm, and be adaptable both over time and cross-border.
- Security demands should never be used as industrial policy to advance protectionism or favor national economic interests.
- National boundaries need not become arbitrary obstacles to the movement of devices or data, or to the offering of IoT-related services.
- The development of global standards is the best way to promote common approaches and technology solutions. Such standards should be open, transparent, and technology-neutral.
- Any government IoT strategy should promote technical compatibility and interoperability to the maximum extent possible.
- Everybody is vulnerable, so cyber threats must be met with global information sharing and collaboration to improve and safeguard the IoT ecosystem.
- End users need to be educated about their roles and responsibilities in this digital age.
- Manufacturers and vendors should be encouraged to routinely evaluate and improve endpoint security.
- The international community must collectively condemn criminal activities that infect and exploit the openness and connectivity of the internet and our digital future. Governments must work together to shut down illegal activities and bring bad actors to justice.
The full report is available here.