Global harmonization of IoT policies is needed from all levels of government

WASHINGTON – July 2, 2020 –The Internet of Things (IoT) is dramatically increasing in size and scope, with almost 14.7 billion machine-to machine connections predicted by 2023. This growth has profound and global cybersecurity impacts for businesses, governments, and individual consumers. The COVID-19 pandemic makes concrete action to promote security in IoT devices even more urgent; while IoT printers, headsets, and other devices empower employees to work remotely, these devices can also bring increased risk of exposure to vulnerabilities in the IoT ecosystem.

Poorly secured IoT technologies pose considerable cybersecurity risks and could compromise sensitive data, affect the delivery of essential services like healthcare and utilities, and threaten the global resilience of the internet. BSA | The Software Alliance’s Policy Principles for Building a Secure and Trustworthy Internet of Things offers twelve responsible, risk-based steps that governments around the world can take to address these challenges and build trust in the IoT.

“BSA is eager to engage with policymakers at the national, state, and local level on the crucial issue of IoT security. We need flexible policy approaches that are based on an understanding of how the entire IoT ecosystem works, seamlessly integrating security capabilities across devices, cloud services, and networks,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “The global pandemic has underscored the need for strong security as so many people, businesses, and government agencies now rely on technology to work and operate remotely. For the Internet of Things to continue to evolve in innovative and secure ways, governments must create consistent, internationally operable policies for IoT security. BSA stands ready to engage in this process, and we hope that these principles will help spur thoughtful discussions.”

When developing IoT security policies, governments must:

1. Account for the IoT ecosystem’s diversity and complexity
2. Define key concepts and requirements clearly
3. Secure the whole IoT ecosystem, not just devices
4. Distinguish between consumer IoT and industrial IoT (IIoT)
5. Build on industry best practices
6. Incentivize security throughout the IoT life cycle
7. Embrace multi-stakeholder processes
8. Seek national and international policy harmonization
9. Support the development and use of internationally recognized IoT standards
10. Establish baseline security requirements as necessary and appropriate
11. Integrate security into IoT acquisition
12. Include IoT in incident response

These steps will help consumers and industry harness the power of the rapidly expanding universe of IoT to inspire innovation and boost the economy, while guarding against potential pitfalls. To read BSA’s full recommendations, visit: https://www.bsa.org/policy-filings/bsa-policy-principles-for-building-a-secure-and-trustworthy-internet-of-things