Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

NIST Plans To Examine Internet of Things (IoT) For Its Cybersecurity Framework

By Peter Stockburger
May 17, 2017
  • Consumer Protection
  • Data Breach
  • Health Information Privacy
  • Privacy Rights
  • United States
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The National Institute of Standards and Technology (NIST) is holding a Cybersecurity Framework Workshop this week at its headquarters in Gaithersburg, Maryland. The purpose of the workshop is to discuss issues related to its widely used Cybersecurity Framework. Sessions at the workshop are being livestreamed, and are exploring the extraterritorial application of the NIST framework, sector-specific requirements, and uses for small businesses.

One closely watched workshop being held today is entitled “Cyber Meets the Physical World,” and is intended to examine how the NIST framework can be applied to the Internet of Things (IoT) sector:

The diverse use and rapid proliferation of connected devices – typically captured by the “Internet of Things (IoT)” – creates enormous value for industry, consumers, and broader society. At the same time, emerging threats, such as last year’s Mirai DDoS attacks, highlight the critical need to develop and apply guidance to maintain the cybersecurity of devices and the ecosystems into which they are deployed. NIST is seeking feedback on how the Framework may be applied to the IoT, both in terms of the devices themselves, as well as their integration into broader enterprise and network environments. Topics in this breakout may include: existing IoT definitions and taxonomies and their consistency with the Framework; IoT specific threats and constraints; sector-specific considerations for IoT security; and the integration of IoT – specific threats into the Framework model.

NIST’s focus on IoT at its workshop this week comes on the heels of its new draft NIST cybersecurity guidance on securing wireless infusion pumps in the healthcare industry. NIST is accepting public comment on the new draft guidance through July 7, 2017.

NIST’s focus on the IoT sector also comes as the IoT sector is coming under greater regulatory scrutiny in the US. In 2015, the US Federal Trade Commission (FTC) issued guidance encouraging certain best practices in the IoT sector. In January 2017, the FTC brought its first enforcement action against a computer networking equipment manufacturer for failing to undertake what the FTC considers reasonable steps needed to secure wireless routers or IP cameras from “widely known and reasonably foreseeable” risks of unauthorized access by failing to proactively address “well-known and easily preventable security flaws.” And in California, a new bill is being considered by the California legislature (Cal. Senate Bill 327) that would impact the manufacturers and sellers of IoT connected devices by requiring them to:

  • Equip the device with reasonable security features appropriate to the nature of the device and the information it collects, contains or transmits;
  • Design the device to indicate to the consumer when it is collecting information;
  • Obtain consumer consent before the device collects or transmits information;
  • Provide an explicit privacy notification to the consumer about what data is collected by the device; and
  • Directly notifies consumers of security patches and updates intended to make the device more secure on an ongoing basis.

If you or your business is engaged in the IoT space, the Dentons Privacy and Cybersecurity Group can help you navigate the growing regulatory environment and understand and implement the new NIST framework standards, as they are developed and adopted. We will also continue to monitor the NIST / IoT developments and report any further developments coming out of the NIST conference this week.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Peter Stockburger

About Peter Stockburger

Peter Stockburger is the office managing partner for the Firm's San Diego office, a member of the Firm's Global Data Privacy and Venture Technology Groups, and co-lead of the Firm's Autonomous Vehicles practice. With a focus on data privacy and security, Peter partners with clients around the globe to leverage data and talent to grow, operate, and protect their business.

All posts Full bio

RELATED POSTS

  • Consumer Protection
  • Data Breach
  • Government Information
  • Privacy Rights
  • United States

US Government Accountability Office Releases New Report On The Internet of Things (IoT)

By Peter Stockburger
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Europe
  • General
  • New and Proposed Laws
  • Privacy Rights
  • United Kingdom
  • United States

The new SCCs and what you need to know

By Tatiana Kruse
  • Consumer Protection
  • Marketing, Cookies & Spam
  • United States

6 Month Countdown to Canada’s Anti-Spam Legislation (CASL)

Canada’s Anti-Spam Legislation (CASL) has been a long time coming.  The Government of Canada announced today that most of CASL’s provisions […]

By Margot Patterson

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site