As security concerns rise about Internet of Things (IoT) devices, so does the debate about the necessity of government regulations. Should the government regulate IoT? Many Internet of Things devices on the market today have little to no security built in, which can compromise the privacy and even personal security of consumers.
Many consumers today are not (yet) clamoring for more regulation. A lot of them do not realize that their smart devices may be compromising their privacy in significant ways. Yet there is a growing concern among those in government and industry that something must be done. The question, however, is whether more secure devices will come from regulations imposed by governments that are often hacked themselves, or from the Internet of Things industry itself.
Should the government regulate IoT?
Proponents of government regulations see the following benefits to having the government regulate IoT devices:
- Standards applied to every device that help to protect the security of consumers
- Requirements for patches that take new security concerns into account
Opponents take a different view. Should the government regulate IoT devices, they are concerned about:
- Regulation and bureaucracy stifling innovation
- Expensive regulations eliminating smaller companies, reducing consumer choice and competition
- The government lacking the expertise to effectively regulate these devices
What are lawmakers doing today?
Several countries are already proposing regulations related to this issue. For example, in Australia, lawmakers have proposed a certification for IoT devices with requirements such as:
- Changeable, non-guessable, non-default passwords
- No ports exposed to the wider internet
- Software updates to fix known vulnerabilities
In the United States, lawmakers are working on a bill related to devices purchased by the federal government that includes requirements such as:
- Devices must be patchable, rely on industry standard protocols, and be built without hard-coded passwords and known security vulnerabilities
- Alternative network-level security requirements for devices with limited data processing and software functionality
- Cybersecurity coordinated vulnerability disclosure policies will be required of all contractors that provide connected devices to the U.S. Government
It is essential that Internet of Things devices become more secure in order to protect consumers, governments, and organizations alike, while complying with international data privacy regulations. Whether that is done through government regulation or industry self-regulation remains to be seen. Likely it will be a combination of both. As consumers and organizations alike become more aware of the security risks of IoT devices, the market demand for more secure devices will grow, increasing the supply in a market-driven economy. Likely we will see the government regulate IoT devices, while the market demand increases.
What do you think?
Should governments regulate Internet of Things devices? Or can the industry self-regulate? Please share your thoughts in the comments.