Menu

IoT FEATURE NEWS

R Street Policy Study Calls IoT a Mixed Bag of Promise and Risk

By Ken Briodagh February 16, 2017

The growth of the IoT holds promise for innumerable fields. However, it also raises a bevy of security concerns and the regulators have not adequately kept pace, according to a new policy study by R Street Tech Policy Fellow Anne Hobson.

“Because of the nature of network effects, internet-of-things devices present a unique problem to the internet as a whole,” wrote Hobson. “When devices are connected, one device's vulnerability becomes a problem for the entire network. This is not a new threat, as networked devices have been around since the 1960s. However, the scale of interconnection among today's devices magnifies the consequences of insecurity.”

Addressing these risks could entail a variety of approaches, including incentives to provide consumers with information about the cybersecurity of products they purchase and a more robust market for cyber insurance.

“Lack of cybersecurity is often viewed as a demonstration of market failure. It should instead be viewed as a market opportunity for private actors to lower the cost of information exchange or to help companies mitigate cybersecurity risks,” the author writes. “Policymakers can play a role in supporting market-based solutions like cybersecurity-assurance programs, information-sharing programs and adoption of cyber insurance.”

Federal agencies should encourage the cyber insurance market by insisting that IoT contractors be held financially responsible for any liabilities created for taxpayers as a result of cyberattacks on their products or services, she posits in the report. If regulators are involved, their goals should be based upon outcomes in reality, instead of building generic standards that will fall apart in the real world.

“Policymakers should avoid any regulatory approaches that would require design standards rather than performance standards,” Hobson said. “Design standards include rules that would require products to use certain protocols or communication standards deemed secure, whereas performance standards would set a desired safety outcome without specifying the means to achieving it. This would motivate companies to focus on compliance, rather than security. Legislating specific technical solutions would codify easily outdated features, limit U.S. competitiveness abroad and stunt experimentation.”

R Street is a not-for-profit, nonpartisan public policy research organization whose mission is to promote free markets and limited, effective government.




Edited by Alicia Young

Editorial Director

SHARE THIS ARTICLE
Related Articles

IoT Evolution World Week in Review: Intel, Nokia, Telefonica

By: Ken Briodagh    6/24/2017

Welcome to the IoT Evolution Week in Review, my friends. This week, we've been talking about global cybersecurity, the IoT Evolution Expo, healthcare …

Read More

IoT Time Podcast S.2 Ep.33 Trusted Computing Group

By: Ken Briodagh    6/22/2017

On this episode of the IoT Time Podcast, Ken Briodagh sits down with Steve Hanna, chair of TCG's embedded systems and IoT work groups, and principal a…

Read More

IoT Time Preview: The Cloud

By: Ken Briodagh    6/22/2017

In this weekly series, we'll be previewing chapters of "IoT Time: Evolving Trends in the Internet of Things" for you to read in the hopes that you'll …

Read More

IoT Evolution Speakers: Lee Gruenfeld Speaks Out

By: Ken Briodagh    6/22/2017

Lee Gruenfeld is Managing Partner of the Cholawsky & Gruenfeld SaaS/IoT consulting firm, and is a Principal with the TechPar Group in New York, a bout…

Read More

IoT Evolution Speakers: Jeff Liebl Speaks Out

By: Ken Briodagh    6/22/2017

Jeff Liebl is President of Anaren IoT Group, which designs, manufactures and sells custom high-frequency solutions and standard components for the wir…

Read More