It is safe to say Internet of Things (IoT) fascination has gripped Washington’s attention. Over the past year, there have been no fewer than six congressional hearings and the launch of the Congressional Caucus on Internet of Things (IoT). It seems there is a large IoT forum taking place somewhere in the nation’s capital on an almost weekly basis. We welcome policymakers’ interest in IoT, and look forward to engaging together in a robust dialogue to further understand how these new advances can help tackle societal problems, unleash new economic growth, and improve lives. It is our hope that policymakers can help foster a policy environment that spurs innovation.
Earlier this week, Dean Garfield, ITI’s President and CEO, joined the Forum Global’s Internet of Things Global Summit to discuss security in the IoT space. What was apparent from the discussion is that there is a deep desire for greater coordination between, and across, industry, government, and academia to foster IoT development and address its challenges through public-private partnerships (PPPs). Panelists in the discussion regularly referenced the National Institute of Standards and Technology (NIST) Cybersecurity Framework (the Framework) as a recent leading example of the potential opportunities for public-private collaboration to improve IoT security.
The tech sector has demonstrated a commitment to cybersecurity and the Framework from its inception to its early implementation through partnership efforts with NIST and other government stakeholders. Spurred by Executive Order 13636, issued in February 2013, the Framework was developed through a process of coordination and collaboration led by NIST between the technology industry, others in private industry, and U.S. government partners. What resulted is a set of voluntary guidance best practices, and standards to help critical infrastructure, businesses, and other private and public actors to better manage cybersecurity risks.
Currently, NIST is leading a similar public-private partnership effort to address IoT security, having recently released a Draft Framework for Cyber-Physical Systems (CPS Framework). Developed in partnership with industry, academic, and government experts, the CPS Framework is intended to provide a methodology for understanding, designing, and building CPS (a term which embraces the IoT), including those with multiple applications. One of the key working groups from the start of this project has focused on cybersecurity and privacy. Globally, we believe policymakers should continue to replicate this partnership approach in addressing IoT cybersecurity challenges, and the tech sector stands ready as a willing and able partner in such efforts.
One of the Framework’s primary strengths is that it provides a common cybersecurity language and applies to businesses, systems, and assets across various critical infrastructure and economic sectors, including many “early adopter” IoT verticals, such as transportation, healthcare, food and agriculture, and others. Unfortunately, we have already seen some attempts in Congress to take exactly the opposite tact and address IoT security through siloed, overly-regulatory approaches. Just last week a hearing was held on a draft auto safety and security bill that attempts to create a new structure and cyber best practices specifically for the automotive sector. Policymakers should instead seize the opportunity to demonstrate cross-governmental coordination on IoT and cybersecurity by directing NIST and Department of Transportation (DoT) to partner with industry on applying the NIST framework to the automotive and transportation sectors.
We encourage policymakers to look to PPPs, not just to enhance cybersecurity in the IoT, but to address the broad range of opportunities and challenges that come along with digitizing our physical world. This approach is in line with ITI’s cybersecurity principles, which are applicable to the IoT in their approach to addressing security, including the need to leverage PPPs in solving our collective cybersecurity challenges.
Working collaboratively together, stakeholders from the tech sector, government, industry partners, and others can endeavor to improve IoT security in a way that still spurs innovation, protects consumers’ privacy, and promotes the next evolutionary era of the Internet as a driver of global economic development and societal enrichment.