In a recent post, we noted that the US federal government has become increasingly concerned about the security of Internet of Things (IoT) devices. On November 15, the US Department of Homeland Security (DHS) issued guidance to help stakeholders account for security in the development, manufacturing, implementation, and use of IoT devices.

The set of nonbinding principles and suggested best practices for IoT device security includes the following:

  • Provide manufacturer-supplied usernames and passwords that are unique and difficult for botnets to crack (in recognition of the fact that many consumers never reset default usernames and passwords initially provided with their devices).
  • Coordinate software updates among third-party vendors to ensure consumer devices have the most updated set of protections.
  • Implement an end-of-life strategy and communicate to consumers the risks of using devices beyond their usability dates.
  • Apply basic software security and cybersecurity practices while also referring to industry-specific security guidance, if available.
  • Perform “red-teaming” exercises—during which developers actively try to bypass the security measures of an IoT device—and use the results to prioritize what and where additional security measures are needed.
  • Advise consumers about the intended purpose of any network connections—especially since the critical functions of many IoT devices do not require a connection to the internet.

Recent attempted cyberattacks that used Internet of Things (IoT) devices have led to growing concern within the federal government over the security of such devices and their potential to launch future attacks.

On October 25, Senator Mark Warner (D-VA), a member of the Senate Select Committee on Intelligence, wrote a letter to Federal Communications Commission (FCC) Chairman Tom Wheeler asking Chairman Wheeler to respond to a series of questions regarding the tools needed to prevent cyberattacks using IoT devices. Senator Warner sent similar inquiries to the Federal Trade Commission (FTC) and the Department of Homeland Security’s National Cybersecurity & Communications Integration Center.

On October 6, Federal Communications Commission (FCC) Chairman Tom Wheeler released a factsheet outlining proposed rules aimed at protecting broadband consumers’ privacy. The proposed rules would apply to internet service providers (ISPs) and cover data collection, usage, security, and breach notification.

If adopted, ISPs would need to notify their consumers about the types of data being collected, when and how collected consumer data can be shared, and the types of entities with which ISPs can share the information. ISPs would also be required to adopt reasonable measures to protect consumer data from data breaches and other vulnerabilities.

On October 13, partner Andrew Lipman will present a webinar, “The 2016 Election: Telecom, Media, and Tech Impacts.” The webinar will cover the pre- and post-election legal and regulatory landscapes applicable to the telecom, media, and technology industries.

Andrew will discuss various consequences of the election results on US Congress, federal courts, the Federal Communications Commission (FCC), the US Department of Justice, and other government agencies. He will also specifically cover the FCC’s policies on competition and antitrust, net neutrality, spectrum ownership, broadband deployment and adoption, consumer privacy, and data security.

The webinar will be held October 13, 2016, from 2:00-3:00 pm Eastern. To learn more and to sign up, please visit the webinar’s event page.

As of September 30, Russian state authorities now reject tender submissions for supply of certain foreign electronic equipment if there are two concurrent submissions for supply of locally produced equipment. The ban applies to 113 types of equipment, including personal computers, printers, memory cards, mobile and landline phones, TV sets, cameras, microphones, and cash and ATM machines.

Electronic equipment may qualify as local if it is produced under a special investment contract between an investor and federal or regional government or if it is fully manufactured or significantly reprocessed in Russia. Some additional localization criteria specific to certain equipment also apply.

As part of our Sourcing and Technology Lunchtime Series, partners Michael Pillion and Peter Watt-Morse recently spoke during their webinar “The Next Frontier: How Robots and Automation are Changing Outsourcing and Technology Agreements.”

The webinar highlighted the emerging market for robotic process automation and artificial intelligence software and the adjustments to services, pricing models, and contractual provisions that arise from adopting this technology.


According to a recent global study, integrating Internet of Things (IoT) technologies into core business processes is surging, and 76% of organizations surveyed say IoT will be “critical” to future success. According to the study, IoT adopters are integrating the technology into a broad spectrum of technologies and business processes, many of which intersect with commonly outsourced business functions, such as IT support, facilities management, and enterprise resource planning (ERP).

The Federal Trade Commission (FTC) recently warned that Internet of Things (IoT) products and services that are no longer operational, updated, or supported present significant issues related to consumer expectations, security, and privacy. Although the FTC noted the industry’s bright future within a product sunset context, the implied “parade of horribles” could have been framed in the grim style of poet Archibald MacLeish as an “ever climbing shadow.”

Internet-connected devices that cease functioning properly, or as expected, could lead to problems on several levels. First, some IoT devices and services will be serving safety and other important roles, and malfunctions could lead to injury, property damage, and theft, especially if consumers are unaware of product limitations. Second, out-of-date IoT products are more likely to be vulnerable to hackers and bugs. Finally, because IoT products will be tangled in a web of connections, security failures in one device could spill over to other devices and “put consumers’ sensitive data at risk.”

Senator Mark Warner of Virginia recently sent a letter to the Federal Trade Commission (FTC) expressing concern over the potential explosion of collection, storage, and usage of children’s personal information in connection with the Internet of Things (IoT), including mobile apps and so-called “smart toys.”

In the letter, Senator Warner noted that the scope and duration of data collection is expanding rapidly, enabled by the falling cost of digital storage and internet connectivity, and “more and more Internet-connected devices are making their way into children’s hands.” Thus, seemingly simple everyday purchases—such as toys—could raise complex privacy and safety issues that consumers may struggle with or not fully comprehend.

Mark Rosekind, chief of the National Highway Traffic Safety Administration (NHTSA), recently announced that the NHTSA will release documents to serve as a framework for national regulations concerning automated and autonomous vehicles. The documents, which are scheduled for release in July, will allow states to institute additional rules or regulations regarding self-driving vehicles.

In another appearance last week, Mr. Rosekind further explained that the NHTSA has been working on a model state policy for automated vehicles to help states develop policies consistent with other states’ and federal policies and in turn promote “a uniform nationwide framework to help enable innovation.” Mr. Rosekind also noted that the NHTSA is mindful that any regulations in this industry must evolve with the industry rather than remain static for long periods of time.

Although this model policy framework will be a resource available to states, as Mr. Rosekind put it, “What the states actually implement is their call.” With these remarks, he clarified that the NHTSA has no current intention to promote binding federal regulations as a means of achieving a consistent approach to self-driving vehicle restrictions nationwide. This is undoubtedly a disappointment to the many companies in the industry that have pushed for federal regulations to promote uniformity and avoid the substantial efforts necessary to sift through the potentially conflicting state rules.