Optional readings. Feel free to attach other suggestions.
- Page 117 starts to discuss IoT's 4 problems (paraphrased): (1) unexpected inferences leading to discrimination; (2) difficulty of de-identifying IoT generated data; (3) hacking and security breaches; and (4) privacy policy, notice and choice in small screenless devices generating data.
- Page 148: Peppet does not think much federal regulation or a new agency is currently possible, but suggests "four messy and imperfect first steps toward regulating the Internet of Things: (1) broadening existing use constraints—such as some state law on automobile EDRs—to dampen discrimination; (2) redefining “personally identifiable information” to include biometric and other forms of sensor data; (3) protecting security by expanding state data-breach notification laws to include security violations related to the Internet of Things; and (4) improving consent by providing guidance on how notice and choice should function in the context of the Internet of Things."
CRS Report - Cybersecurity Issues and Challenges: In Brief
- Great summary of existing federal roles and great "Simplified Schematic Diagram of Federal Agency Cybersecurity Roles" on page 4.
CRS Report - The Internet of Things: Frequently Asked Questions
- Do the current actions of Congress described on page 19 fall short, meet, or exceed your expectations?
Wikipedia - DYN 2016 DDoS Attack
- Any interesting tidbits and thoughts to share regarding this event?
Senator Prods Federal Agencies on IoT Mess
- Senator Mark Warner wrote to the FCC regarding attaching insecure devices to the network. Chairman Wheeler responded, then later put IoT action on hold.
History of the 1927 Federal Radio Commission (quick 1 page read)
- Do the key assumptions underlying the Radio Act of 1927 tell us anything about Congressional reasoning to regulate that applies to IoT?
- How well do our current uncertainty and industry activities map to the struggles around spectrum rules in the early 1900s described in the first couple of pages?
Description of Telecommunication Certification Body (TCB) Program
- In 1998, the FCC outsourced transmitter equipment testing to certified third-party labs. FedRAMP works similarly. What does this model tell us about scaling regulation and compliance?
- What are the advantages and limits to using existing enforcement mechanisms?
FTC Report Internet of Things: Privacy & Security in a Connected World https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf
- Page 10: "IoT devices may present a variety of potential security risks that could be exploited to harm consumers by: (1) enabling unauthorized access and misuse of personal information; (2) facilitating attacks on other systems; and (3) creating safety risks. Although each of these risks exists with traditional computers and computer networks, they are heightened in the IoT, as explained further below."
The FTC’s Internet of Things (IoT) Challenge 2017
- Can we solve our device problems with a device? Has anyone imagined requiring a data-off switch?
November 2016 Congressional Hearing - Cyberattacks and the Internet of Things
- Panelists call for regulation and possibly a new agency.
Feb 2015 Congressional Hearing - The Connected World: Examining the Internet of Things
NIST unveils Internet of Things cybersecurity guidance SP 800-160
Various KrebsOnSecurity IoT articles
- Useful to see the articles that Krebs has been writing.
FDA releases final guidance on postmarket management of medical device cybersecurity
- What are the trigger events that might turn guidance into regulation?
- The Digital Standard & Coalition Announcement that Consumer Reports will start evaluating products for privacy and cybersecurity.