Pursuant to Executive Order 13636, the National Institute of Standards and Technology (“NIST”) established the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, a technology-neutral, voluntary, risk-based cybersecurity framework that includes standards and processes intended to align policy, business, and technological approaches to addressing cybersecurity risks. Four years later, NIST has released an updated version … Continue Reading
Two hundred billion IoT devices could be in use by 2020, according to one estimate cited in the World Economic Forum’s recent report, Mitigating Risk in the Innovation Economy. This rapid integration of the digital world and the physical world presents unprecedented opportunities for businesses in a wide array of industries. But it also creates … Continue Reading
On January 12, the International Consumer Electronics Show (CES) in Las Vegas closed its doors for another year. Each CES raises a new set of technology themes, ranging from robots to smart fridges — and this year, the winner was voice technologies. Such technologies, while not entirely new, are now becoming mainstream: sales of smart … Continue Reading
By Susan Cassidy, Jenny Martin, and Catlin Meade The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53. NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under … Continue Reading
On August 1, 2017, a bipartisan group of Senators introduced legislation (fact sheet) that would establish minimum cybersecurity standards for Internet of Things (“IoT”) devices sold to the U.S. Government. As Internet-connected devices become increasingly ubiquitous and susceptible to evolving and complex cyber threats, the proposed bill attempts to safeguard the security of executive agencies’ … Continue Reading
A bill pending in the California legislature, if passed, would create new obligations for manufacturers of “connected devices.” S.B. 327 (also known as the “Teddy Bear and Toaster Act”) would operate somewhat differently than existing laws, such as the California Online Privacy Protection Act (“CalOPPA”). Security obligations. Manufacturers of connected devices that sell those devices … Continue Reading
The Department of Commerce released a “green paper” earlier this month proposing steps the Department can take to advance and support the Internet of Things (“IoT”). The report includes recommendations based on comments submitted to the Department in response to an April 2016 Request for Comment as well as feedback from a September 2016 IoT … Continue Reading
On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a multi-stakeholder approach, emphasizing the … Continue Reading
The recent National Institute of Standards and Technology (NIST) publication of cybersecurity guidance for the Internet of Things (IoT) is a useful reminder that hacking incidents can result not only in privacy breaches, but also in bodily injury or property damage — via critical infrastructure, medical devices and hospital equipment, networked home appliances, or even … Continue Reading
Following NIST’s release of cybersecurity guidance for the Internet of Things last week, the Broadband Internet Technical Advisory Group (BITAG) released a report today titled Internet of Things (IoT) Security and Privacy Recommendations (the Report). BITAG is a non-profit organization that brings together engineers and technologists in a working group to develop consensus on technical … Continue Reading
On November 15, 2016, the National Institute of Standards and Technology (NIST) released its final guidance providing engineering-based solutions to protect cyber-physical systems and systems-of-systems, including the Internet of Things (IoT), against a wide range of disruptions, threats, and other hazards. NIST Special Publication 800-160 (the “Guidance”) is the result of four years of research … Continue Reading
Yesterday, the Senate Commerce Committee passed a bill meant to increase government involvement in the development of the “Internet of Things” (IoT). By a voice vote, the committee approved the Developing Innovation and Growing the Internet of Things (DIGIT) Act, sponsored by Sen. Deb Fischer (R-Neb.), Sen. Kelly Ayotte (R-N.H.), Sen. Cory Booker (D-N.J.), and … Continue Reading
By Vera Coughlan, Monika Kuschewsky and Kristof Van Quathem Yesterday, the European Commission launched its “Digitising European Industry” package, a series of industry related initiatives aimed at “updating Europe’s digital infrastructure”, see press release here, Q&A here and homepage here. The package includes reports and proposals addressing cloud computing, ICT standardization, eGovernment, Internet of Things … Continue Reading
Yesterday, the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce, issued a Request For Public Comment (RFC) seeking comment on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things (IoT). NTIA issued the RFC as part of the Commerce Department’s Digital … Continue Reading
The FTC has cautioned that a recent settlement holds lessons for companies involved in the Internet of Things. The settlement, announced on Tuesday, was reached with hardware manufacturer ASUS over concerns that its router products carried certain security vulnerabilities. Notably, in addition to alleging that ASUS’s actions violated promises to consumers, the FTC alleged that … Continue Reading
A European Parliament policy department has released a report, entitled Big Data and Smart Devices and Their Impact on Privacy, that criticizes the lack of focus on privacy and data protection in the European Commission’s “Digital Single Market” policy agenda, noting a “conflicting” intersection between the Commission’s Digital Single Market objectives and the EU’s efforts, … Continue Reading
Last Friday, Fiat Chrysler announced the recall of 1.4 million vehicles to fix security vulnerabilities, further highlighting the importance of properly addressing cybersecurity issues created by the use of connected devices. The recall follows an article published last Tuesday by Wired magazine which described methods used by security researchers to remotely access a Jeep Cherokee, … Continue Reading
As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week. This week, we’re up for some digital magazine reading. It’s refreshing when privacy issues burst into the mainstream consciousness, and we have two great examples of that this … Continue Reading
By Ani Gevorkian The Subcommittee on Commerce, Manufacturing, and Trade of the House Energy and Commerce Committee held a hearing on Tuesday entitled, “The Internet of Things: Exploring the Next Technology Frontier.” The hearing focused on the promises Internet of Things (“IoT”) technology holds, and what role Congress should play in addresses the challenges IoT … Continue Reading
Next Tuesday, March 24 at 11 a.m., the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing, and Trade will host a hearing entitled “The Internet of Things: Exploring the Next Technology Frontier.” The hearing will follow an Internet of Things (“IoT”) showcase featuring Internet-connected products manufactured in members’ districts. Congress already has begun taking … Continue Reading
By Jeff Kosseff, Meena Harris, and Caleb Skeath Data Breaches Studies show increase. Amidst a flurry of high-profile breaches during 2014, several studies confirmed that data breaches as a whole have risen significantly over the past few years. The California Attorney General released a study showing a 28% increase in breaches in 2013 as compared … Continue Reading
The U.S. Senate Committee on Commerce, Science, and Transportation held a hearing on February 11, 2015, entitled The Connected World: Examining the Internet of Things. The panelists included Justin Brookman, director of the Consumer Privacy Project at the Center for Democracy and Technology; Adam Thierer, a senior research fellow at George Mason University’s Mercatus Center; … Continue Reading
As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week. Sure, you’re reading the FTC’s just‑released Internet of Things report (and hopefully Shel’s helpful analysis of it), but a little broader reading might be just right for our … Continue Reading
Yesterday, the Federal Trade Commission released a staff report on the Internet of Things (“IoT”) that provides best practice recommendations for addressing privacy and security risks associated with IoT products and services. The report, Internet of Things: Privacy & Security in a Connected World, also summarizes findings from the FTC’s 2013 IoT workshop. In the … Continue Reading
