The US Chamber of Commerce is offering a set of best practice recommendations to bridge national policy differences in setting IoT security standards.
In a new report, “The IoT Revolution and Our Digital Security”, the Chamber indicates the rapid increase in internet-connected devices presents a cybersecurity threat traditional regulatory processes are ill-equipped to handle. The agency concluded a global regulatory framework is necessary to keep pace with IoT innovation and emerging threats, but officials acknowledged there are some roadblocks to harmonisation.
“Given the complex and ever-changing cyber threat landscape, traditional regulatory responses are inadequate to keep pace with the evolution of the IoT,” said Sean Heather, vice president of the US Chamber’s Centre for Global Regulatory Cooperation (GRC). “National policy differences threaten to create obstacles that serve as market barriers to the deployment of connected goods and services and threaten to undermine the potential of the IoT. To avoid these barriers, governments should support the development of international standards which adhere to global best practices and ensure an internationally coordinated approach.”
To help regulators across the globe bridge national policy differences, Chamber offered up 10 “best practice” recommendations for IoT security. These include implementing flexible approaches to collaboration to combat shared threats; basing security measures on empirical evidence; avoiding the use of security demands to advance protectionism or favour national economic interests; and promoting interoperability to the “maximum extent possible”.
The full list of recommendations can be found here.
Why standards matter
ABI Research estimated there will be 48.8 billion connected devices globally by 2021. But many early adopters have struggled to fill the gaps in IoT security. According to a June report from consulting firm Altman Vilandrie & Company, nearly half (48 percent) of US companies utilising an IoT network have been impacted by a security breach.
Operators like AT&T and Verizon have stepped up efforts to provide end-to-end IoT security through the use of device authentication and secure networks. But ABI Research said broader trust of devices and networks will be necessary to facilitate implementation and adoption of IoT technologies.
“Without such trust, IoT adoption may prove disastrous. And not just financially. Failure of critical devices, such as connected cars or medical appliances, could have life-threatening implications” Michela Menting, ABI Research’s Digital Security research director, commented. “Standards can and will play a significant role in enabling this trust. Security standards specifically can provide a foundation for building robust and trusted IoT devices, both from a digital and a physical security perspective.”