Last year saw the continued growth of enterprises adopting internet of things solutions, with companies harnessing the power of wireless data collection, analytics and connectivity to enhance productivity and efficiency in ways we could previously not imagine.
Analysts expect corporate spending on IoT in the U.S. to approach $200B in 2019, with global spending exceeding $800B. As adoption has grown, privacy and security advocates have called for regulating IoT to enhance personal privacy and to strengthen the security of IoT devices and services.
Several high-profile data breaches in the past few years were the result of hacks that used unsophisticated, vulnerable IoT devices such as nanny cams to get into secured computer networks. Researchers have even hacked into home computer networks using Wi-Fi connected “smart” IoT lightbulbs as the gateway.
IoT regulation hasn’t happened
Despite the hype and some hearings before Congress and the Federal Trade Commission, no legislation or regulations have been adopted at the federal level to regulate IoT devices or services. Three bills were introduced in Congress in 2017 – the Cyber Shield Act (which would have made IoT security voluntary); the Internet of Medical Things Resilience Partnership Act (also voluntary, but focused on IoT medical devices); and the Internet of Things Cybersecurity Improvement Act (which would have set product standards for devices sold to the government) – but none of them became law.
Indeed, lawmakers on both sides of the aisle have advocated taking a hands-off approach to IoT, attributing the rapid growth of the Internet in the ‘90’s to a lack of governmental interference. In our view, that’s a good thing – at least for the moment – because IoT holds so much promise for new innovation and economic opportunity, and because premature regulation could hobble its development. Issues such as security vulnerabilities in unsophisticated sensor/radio devices will undoubtedly be addressed by market forces: purchasers will demand greater security and suppliers will respond accordingly.
Who’s responsible when IoT fails?
As practitioners who advise clients purchasing IoT devices and service, we believe there is one important issue underlying the IoT that producers and commercial customers must resolve: Who is responsible to end users who may be harmed