Increasing the Potential of IoT through Security and Transparency
To help realize the full innovative potential of the Internet of Things, users need reasonable assurance that IoT devices and applications will be secure. One particular area of concern is whether and how to address potential security vulnerabilities in IoT devices or applications through patching and security upgrades. In the early IoT market, there has sometimes been limited consideration for supporting future security patches, even though many devices will eventually need them. Enabling a thriving market for devices that support security upgrades requires common definitions so consumers know what they are getting.
A range of commenters on the National Telecommunications and Information Administration’s recent IoT Request for Comment and 2015’s Request for Comment related to cybersecurity identified security upgradability as an issue that required attention and coordination. In response, NTIA is planning to launch a new multistakeholder process to support better consumer understanding of IoT products that support security upgrades. We have utilized this approach to help make progress on issues such as cybersecurity vulnerability disclosure and providing more transparency about data collected by mobile apps. Given the burgeoning consumer adoption of IoT, the time seems ripe to bring stakeholders together to help drive some guidelines to encourage the growth of IoT. The goal of the new multistakeholder process will be to promote transparency in how patches or upgrades to IoT devices and applications are deployed. Potential outcomes could include a set of common, shared terms or definitions that could be used to standardize descriptions of security upgradability or a set of tools to better communicate security upgradability. As with our other multistakeholder processes, it will be up to stakeholders to determine what outcome they want and when they have reached consensus on it. NTIA will act as a neutral convener. We welcome broad participation and diverse perspectives.
Increasing the Potential of IoT through Security and Transparency