NTIA IoT Security Upgradability and Patching Effort—Progressing Despite New Admin

On January 31, the National Telecommunications and Information Administration (NTIA) held a meeting of its multistakeholder effort on “Internet of Things (IoT) Security Upgradability and Patching,” which it kicked off in Austin in October 2016. Its objective is to foster a thriving market that promotes security in IoT devices.  The effort involves four Working Groups (WGs) looking at aspects of IoT security. 

Leadership of NTIA made plain it is not slowing down – they intend for this effort to remain relevant under President Trump. NTIA is eager for stakeholder input, and because multistakeholder efforts can inform standards of care and regulatory expectations, more manufacturers and others in the IoT space should consider participating, particularly before drafts and ideas are much farther along.

Working Group 1: Existing Standards, Tools, and Initiatives is a research effort to identify what standards and best practices exist for security updates.   The group will publicly catalog existing standards and best practices.  The group is considering scope, including whether to limit the effort to consumer or industrial IoT.  They also are considering whether to do a gap analysis.

Working Group 2: Capabilities and Expectations is creating an idealized model of the patching process and is focused on a secure transmission path.   Already, the group has found that there are no one-size-fits-all solutions for patching.  As with the first group, WG 2 is considering whether to focus on the needs of consumers versus high-security deployments.

Working Group 3: Communicating IoT Upgradability is identifying information consumers may want, before purchase, about IoT upgradability—with an eye toward what sellers or manufacturers might voluntarily communicate to consumers. There are complexities in developing concepts for a diverse, nascent ecosystem, but so far, the group has identified as important a description of:

  1. Whether a device can receive security updates.
  2. How a device receives security updates.
  3. If known, the expected time after which a device may no longer receive updates.

Some members are considering the benefits of consumer labels or other point-of-sale disclosures.

Working Group 4: Incentives, Barriers, Adoption Working Group is looking at barriers to updating.  The group has identified barriers, including environmental (ecosystem complexity, diversity, and challenges in ability to track consumer devices), interactive (consumer behavior), scale (amount of code and devices in play), production (service provider challenges), and regulatory issues.

***

The WGs will continue their individual efforts, which draw from think tanks, technology experts and the private sector, as well as some federal agencies.  Over 100 people participated in the January 31 virtual meeting.  We expect another meeting in April, when some of the Working Groups expect to share drafts.   

Wiley Connect
