• United States




Who can regulate the IoT?

Aug 15, 20174 mins
HackingInternet of ThingsPrivacy

The Internet of Things (IoT) promises to simplify many aspects of life. It will also permeate every aspect of life, which has a lot of experts concerned. To deal with the risks of all those connected IoT devices, we need proper, organized regulations – and extreme consequences for not following those regs.

iot internet of things strategy briefcase
Credit: Thinkstock

The internet of things (IoT) is an immensely increasing information technology unit which is expected to reach 20–50 billion internet-connected devices by 2020. Predictions encompassing the future IoT gadgets are most of the ones which assume these to be the household devices. For instance, they may include light bulbs, our entrance gates, microwaves, comforters, blenders and many others.

But that’s not the only area where you could imagine internet connected devices. IoT devices in future next are likely incorporate mobile devices, parking meters, thermostats, cardiac monitors, tyres, roads, supermarket shelves and things from almost every surrounding environment around the globe.

However, such extensive amount of IoT devices is equally prone to vulnerability exploitation as privacy and security issues are a great concern while large scale IoT deployment. Therefore, IoT regulations are necessary to avoid such security risks.

An author Bruce Schneier said, “The internet is the most complex machine mankind has ever built by a lot, and it is hard to secure. The more we connect things to each other, the more vulnerabilities in one thing affect other things.”

The Internet is a robust technology to cater users and make things more efficient. However, it also helps the hacker to scale attacks that are otherwise impossible.

Who can regulate the IoT?

It’s a complicated task to determine the one who could efficiently regulate the Internet of Things with intact efficiency. The present rules applicable to the wearable device, eHealth technology, smart home device, and smart city technologies are not relevant to IoT platforms. However, it’s a general consent that such regulations if adopted by the lawyers and regulators could make the internet of things project either operationally or financially unworkable.

A joint hearing of two subcommittees of the Energy and Commerce Committee held on December 2016 featured a few special guests including cryptographer and author Bruce Schneier. He has a clear directive that the government should be involved and the U.S should be leading the effort in both regulation and security.

Although Schneier is not a supporter of government regulation, in this regard its necessary. He said, “I think government involvement is coming, and I’d like to get ahead of it. We’re now at a point where I think we need to make some moral and ethical decisions about how these things work.”

In a Washington Post op-ed, Schneier has pointed out that government regulation is the only solution that could impose the required security standards on IoT devices. However, it becomes more vital due to the fact that almost all of the consumers do not care about their device’s safety. Thus, it’s an issue that cannot be resolved by a free market. Whereas, Schneier agrees that regulations by the U.S government are a “domestic fix to an international problem.” However, he writes that “Governments will get involved in IoT. Because the risks are too great, and the stakes are too high.”

Drawbacks in absence of IoT regulations

IoT devices have many benefits such as interconnectivity, automation, provided ease-of-use, remote control, and metrics and monitoring if they are regulated properly. Otherwise, IoT technology is a double-sided sword with various security concerns.

Hacking. Providing a remote controlling feature is attracting as long as your data is in legitimate hands. However, connecting a device to the internet means your data is open for every other entity which could be damaged, defaced or compromised. For instance, a recent reveal by WikiLeaks has shown CIA data hacking via USB device.

Surveillance. When your data is in right control, metrics and monitoring are the benefits you get from IoT technology. But, a data present on an internet device is at a risk of being surveilled and used by the third party.

Outsourcing difficulty. IoT devices have slick interfaces but still, they have complications in things they translate. Therefore, they are just been managed by the developers and technologists at private firms which mean users are dependent on easy-to-use IoT devices. Likewise, they are dependent on the companies which are producing it, the people who are working for that firm and on the technical knowledge they have.

The immensely vast IoT technology is difficult to manage if not regulated properly. There exist certain cyber security compliance standards to evade the potential threats and to protect online data. For instance, Businesses could follow regulations like North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection (CIP) standards to ensure reliable services in the field of cyber security.


Peter Buttler is an infosecurity journalist and tech reporter, who contributes to a number of onlien publications, including Infosecurity-magazine, Tripwire, GlobalSign and CSO Australia, among others. He covers different topics related to online security, big data, artificial intelligence and the Internet of Things. With more than seven years' of IT experience, he also holds a masters degree in cybersecurity and technology.

The opinions expressed in this blog are those of Peter Buttler and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.