Updates

Internet of Things (IoT)

2019

The 13th Symposium on ICT, Environment and Climate Change was convened on 13 May 2019 in Geneva, Switzerland under the theme: "the role of frontier technologies in combating climate change and achieving a circular economy." It tackled the transformative potential of frontier technologies in combating climate change, achieving a circular economy, and consequently uphold the achievement of the sustainable development goals (SDGs). Yet, frontier technologies present several challenges particularly regarding those who do not have access to the information and communication technology and hence could be left behind. Social and economic inequalities could also be seen among marginalized groups and women. Frontier technologies are generating emissions due to the lack of policies required to improve effective climate and circular actions in developing and developing actions. To this aim, the symposium recommended the following actions: a) promote the use of AI and other frontier technologies to accelerate climate and circular economy actions, b) establish a comprehensive framework to ensure positive technological disruption, c) encourage multi-stakeholder partnerships and international cooperation to facilitate sustainable and inclusive growth, d) implement international standards to harmonize the deployment of next-generation ICT infrastructure and evaluate the environmental impacts of frontier technologies, e) raise awareness on the role of frontier technologies in combating climate change and achieving a circular economy, f) reduce the negative impact of ICT-related e-waste to contribute to tackling climate change and moving to a circular economy, and g) direct frontier technologies to reduce societal greenhouse gas emissions in line with scientific trajectories and to foster a circular economy. 

The Federal Trade Commission (FTC) was approached by four US Senators alongside a coalition of 19 civil society organisations (headed by Campaign for a Commercial-Free Childhood, and the Center for Digital Democracy) to launch an investigation into whether Amazon Echo Dot Kids Edition violates the Children's Online Privacy Protection Act (COPPA). The coalition presented the commission with research which exposed, among others, the following vulnerabilities of the system: it is not clear what personal information the device collects, how it uses that information, and whether it shares the information with third parties; Amazon’s system for obtaining parental consent is inadequate and it keeps the audio recordings of children’s voices far longer than necessary; and finally even when parents delete some or all of the recordings of their child, the company does not necessarily delete all of the child’s personal information.

The US National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published a draft project titledSecuring the Industrial Internet of Things (IIoT): Scenario-based Cybersecurity for the Energy Sector’ for public consultation. The draft deals with securing IIoT information exchanges of distributed energy resources in their operating environments. Based on the public comments, the NIST will publish a cybersecurity practice guide on the matter. The deadline for public comments is 5 June.

The UK Department for Digital, Culture, Media and Sport (DCMS) is launching a consultation about regulating Internet of things (IoT) consumer devices based on the IoT Code of Practice. According to the proposal, a new mandatory label will be accompanying IoT devices. The label will inform consumers about the level of security of the IoT devices they are purchasing. The proposal lists several possible suggestions for the label: (a) Manufacturers can choose whether to implement the UK government’s voluntary label or voluntarily pledge to implement the code guidelines (no regulation); (b) Retailers could only sell consumer IoT products that have the IoT security label. Manufacturers would have to self-assess and implement a security label on their consumer IoT products; (c) Retailers could only sell consumer IoT products that adhere to the top three guidelines of the code (unique passwords, vulnerability disclosure, and a minimum time for security updates) and the ETSI TS 103 645. Manufacturers would have to self-assess that their consumer IoT products adhere to the top three guidelines of the code; (d) Retailers could only sell consumer IoT products that comply with all 13 guidelines of the code and manufacturers would have to self-assess and ensure that the label is on the appropriate product packaging; (e) A potential consumer IoT certification scheme that may emerge from the EU cyber security certification framework established by the EU Cybersecurity Act could be adopted. The consultation is open till 5 June to the following parties: device manufacturers, IoT service providers, mobile application developers, retailers and those with a direct or indirect interest in the field of consumer IoT security, including consumer groups, academics, and technical experts.

The US Senate Subcommittee of Security held a hearing on 30 April to discuss the strengthening of the security of Internet of things (IoT). The industry witnesses were Vice President, Technology & Standards, Consumer Technology Association Michael Bergman; Vice President, Cybersecurity Policy, US Chamber of Commerce Matthew Eggers; Director of Public Policy, Rapid7 Harley Geiger; Senior Vice President for Cybersecurity, US Telecom and Broadband Association Robert Mayer, and Director, Information Technology Laboratory, National Institute of Standards and Technology (NIST) Dr Charles Romine. Most speakers were in favour of the current co-operation between the industry and the NIST, which focuses on creating voluntary baseline standards for IoT devices instead of federal or state regulations. Only Mr. Geiger, as well as, a few members of the committee argued that some governmental involvement might be needed in order to enforce these security standards.

The National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published draft guidelines titled ‘Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)’ for public consultation. The guide is intended for IoT device and gateway manufacturers, communications service providers, and users of IoT devices. The guide focuses, among others, on the role MUD can play in achieving network security. The MUD architecture was introduced last month by the Internet Engineering Task Force (IETF) and is designed to make sure IoT devices conduct themselves only as intended by their manufacturers. The deadline for public comments is June 24.

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top