News & Insights  |  Alerts

NTIA Announces First Multistakeholder Meeting on IoT Security

September 16, 2016

The National Telecommunications and Information Administration (NTIA) has slated its first multistakeholder meeting on Internet of Things (IoT) security for October 19, 2016. The meeting will occur during the Consumer Technology Association’s Technology and Standards Forum in Austin, TX and will focus on IoT security upgradability and patching. As security patching and updates receive increasing attention, NTIA’s effort could influence litigation and regulatory risks in the IoT space.

The ultimate goal of NTIA’s multistakeholder process is to encourage consumer awareness and understanding of IoT devices and services that support security upgrades and patching. In announcing the initiative back in August, NTIA emphasized the need for “common definitions” that will enable manufacturers to “effectively communicate to consumers the security features of their devices.” According to NTIA, the current lack of such definitions is “detrimental to the digital ecosystem as a whole” because it fails to reward companies that invest in patching and prevents consumers from making informed purchasing choices. The immediate goals of the process are “to develop a broad, shared definition or set of definitions around security upgradability for consumer IoT” and to develop “strategies for communicating the security features of IoT devices to consumers.”

NTIA has stated that it does not expect its process to lead to new laws, regulations, or technical standards. But as litigation over vulnerabilities looms and companies grapple with the complexities of vulnerability disclosure, NTIA’s effort may be influential.

This is particularly true as the IoT has become an important area of focus in Congress and federal agencies. The Federal Communications Commission (FCC), the Federal Trade Commission (FTC), the U.S. Food and Drug Administration (FDA), and the National Highway Traffic Safety Administration (NHTSA) are looking at software security from cell phones to connected cars and medical devices. Security updates and patching are also part of efforts at the U.S. Department of Homeland Security (DHS) to address mobile security, including threats and countermeasures. Federal review of mobile device security may shape approaches to the IoT, which raises similar issues in an even more complex and cross-sector way.

NTIA’s objectives for the first meeting on October 19 are to:

    • Review the importance of patching and the challenges in the existing ecosystem;
    • Share different perspectives on existing technologies and practices;
    • Discuss key security upgrade dimensions, features, and concerns;
    • Discuss logistical issues, such as the establishment of a drafting committee and working groups and the location and frequency of future meetings; and
    • Identify concrete goals and stakeholder work following the first meeting.

The meeting is open to the public and will be webcast to enable remote participation. Participants are encouraged to pre-register through NTIA’s website.

For the past 30 years, Wiley Rein’s Wireless Practice has helped the nation's leading carriers, trade associations, and equipment manufacturers work through myriad regulatory and business obstacles to develop into one of the most vibrant and critically important segments of the global economy. The IoT represents the next step in the evolution of communication—from networks to devices, platforms, and applications. As objects become embedded with sensors and gain the ability to communicate, information networks promise to create new business models, improve business processes, and reduce costs and risks. As our clients’ business evolves, so does our expertise. Today, Wiley Rein helps clients with IoT “go-to-market” strategies, as well as licensing and compliance strategies for connected devices of all kinds. 

Visit WileyConnect to read more about IoT news, policy, regulation, and trends.