The Internet of things may be great for automating your home, but it comes with a number of security risks — concerns regulators have not kept up with, according to a new policy study by R Street.
In fact, according to R Street tech policy fellow Anne Hobson, Internet-of-things devices “present a unique problem to the Internet as a whole.”
“When devices are connected, one device’s vulnerability becomes a problem for the entire network,” Hobson said. “This is not a new threat, as networked devices have been around since the 1960s. However, the scale of interconnection among today’s devices magnifies the consequences of insecurity.”
There are a number of ways these risks can be addressed, Hobson said, such as incentives to provide customers with information about the cyber-security of items they buy and a healthier market for cyber-insurance.
“Lack of cyber-security is often viewed as a demonstration of market failure. It should instead be viewed as a market opportunity for private actors to lower the cost of information exchange or to help companies mitigate cyber-security risks,” she said. “Policymakers can play a role in supporting market-based solutions like cyber-security assurance programs, information-sharing programs and adoption of cyber insurance.”
Federal agencies can support the cyber-insurance market by holding Internet-of-things contractors financially responsible for cyber-attacks on their products or services when clients are impacted.
“Policymakers should avoid any regulatory approaches that would require design standards rather than performance standards,” Hobson said. “Design standards include rules that would require products to use certain protocols or communication standards deemed secure, whereas performance standards would set a desired safety outcome without specifying the means to achieving it.
“This would motivate companies to focus on compliance, rather than security. Legislating specific technical solutions would codify easily outdated features, limit U.S. competitiveness abroad and stunt experimentation.”