FCC Threatens IoT Industry With Mandatory Cybersecurity Testing

The FCC has warned private industry to clean up its act, or it will do it for them.

2016 was not without its fair share of major cyber attacks. Fortunately, the government is looking to address this growing concern.

In one of the last FCC rulings under the Obama Administration, the FCC has issued a stern warning to private industry involved in the Internet of Things (IoT), saying basically, “Clean up your act or we will be forced to step in.”

The warning notes that the government will force commercial companies to institute protective procedures if action is not taken.

The FCC’s Cybersecurity Risk Reduction White Paper, which was issued on January 18, 2017, expresses serious concerns about the “burgeoning and insecure IoT market [that] exacerbates cybersecurity investment shortfalls [because] the private sector may not have sufficient incentives to invest in cybersecurity beyond their own corporate interests.”

Noting that insecure wireless devices have shut down service to millions of users by attacking critical control utilities that are not FCC-regulated, the FCC is advocating “cyber accountability” – a combination of market-based incentives and regulatory oversight – to reduce cyber risk in the communications sector.

Security by Design

The FCC is most worried about communications carriers, primarily Internet service providers. But the IoT world, namely device manufacturers and vendors, would bear a large portion of responsibility.

The FCC proposes that IoT equipment suppliers should implement “security by design” practices to build cybersecurity into their products before marketing them. As defined by the FCC, security by design is “a practice of continuous testing, authentication safeguards, and adherence to best [cybersecurity] practices.”

The FCC hints that regulatory oversight of this process will likely be required, in part because of the “large and diverse numbers of IoT vendors – who are driven by competition to keep prices low – hinders coordinated efforts to build security by design into the IoT on a voluntary basis.”

Accordingly, the FCC states that, among other things, changes to its equipment certification rules may be necessary to protect networks from IoT device security risks.

The last sentence of the report says it all: “The Commission’s preference is to work collaboratively with industry using private/public partnerships. However, if market forces do not result in a tolerable risk outcome, the Commission has tools available to make adjustments to restore the balance.”

This warning is like a pre-9/11 document about Osama bin Laden. It should not be ignored, especially if it means there is a potential “9/11-like” cyber attack coming. The Consumer Technology Association (CTA) and other associations should immediately be engaged with the vendor community on this looming regulatory issue.

About the Author

Jason Knott is Chief Content Officer for Emerald Expositions Connected Brands. Jason has covered low-voltage electronics as an editor since 1990, serving as editor and publisher of Security Sales & Integration. He joined CE Pro in 2000 and serves as Editor-in-Chief of that brand. He served as chairman of the Security Industry Association’s Education Committee from 2000-2004 and sat on the board of that association from 1998-2002. He is also a former board member of the Alarm Industry Research and Educational Foundation. He has been a member of the CEDIA Business Working Group since 2010. Jason graduated from the University of Southern California.
