Congress, Government Agencies Putting Focus on IoT

Lawmakers and regulators are beginning to look for ways to ensure security and privacy while enabling technological innovation to flourish.


U.S. lawmakers are continuing to cast a wary eye at the rapidly growing Internet of things, understanding the benefits that can be derived while at the same time trying to determine the government's role in protecting the security and privacy of consumers and their data.

Last month, House representatives announced the creation of a Congressional Caucus on the Internet of Things (IoT). Two weeks later, the Federal Trade Commission (FTC) in a report stressed that technology vendors and businesses must ensure that privacy and security remain a focus as they develop their connected devices and services.

On Feb. 11, the Senate Committee on Commerce, Science and Transportation will conduct a hearing about the issue as Congress looks to navigate a path that encourages the innovation necessary for the IoT to flourish while addressing inherent security risks that come when tens of billions of devices become connected to the Internet and each other.

The hearing was the result of a bipartisan request from Democratic Sens. Cory Booker of New Jersey and Brian Schatz of Hawaii and Republicans Kelly Ayotte of New Hampshire and Deb Fischer of Nebraska.

"Standing on the cusp of technological innovations that will improve both the safety and convenience of everyday items, we shouldn't let government needlessly slow the pace of new development," Sen. John Thune, R-S.D., the committee's chairman, said in a statement. "By engaging early in this debate, Congress can ensure that any government efforts to protect consumers are tailored for actual problems and avoid regulatory overreach."

The interest from government agencies and lawmakers comes as the Internet of things begins to take hold. Cisco Systems officials have said the number of connected devices—from tablets and smartphones to industrial systems, cars, home appliances, and residential and commercial security systems—will grow from 25 billion last year to more than 50 billion by 2020. Various analyst reports have put the IoT market between $7 trillion and $9 trillion by the end of the decade.

Tech vendors and businesses have been vocal about the benefits from the IoT, from improvements in consumers' lives to greater efficiencies and expanded opportunities for businesses. Cisco officials have said that the global impact of what they call the Internet of everything—which includes not only devices but people and applications—to businesses worldwide could be as much as $19 trillion.

However, security professionals have been just as vocal about the need to deal with the risks that connecting tens of billions of devices means, not the least of which is a rapidly expanding potential attack surface for cyber-criminals. IT professionals are having a difficult enough time securing the systems that are online now. As the number of connected systems and devices grows, so do the dangers. In addition, a key part of the IoT is not only the devices' connection to the Internet, but also to each other, and the data they pass back and forth.

It was a key message in the FTC's Jan. 27 report, which laid out a list of steps that vendors and businesses need to take to ensure that as the IoT grows, consumers and business users can feel confident in the security of the devices and systems and the protection of their data.

"The only way for the Internet of things to reach its full potential for innovation is with the trust of American consumers," FTC Chairwoman Edith Ramirez said in a statement at the time. "We believe that by adopting the best practices we've laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of things to be fully realized."