Officials from the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS) noted the importance of enforcing and creating programs to support data security and privacy for Internet of Things (IoT) devices during the Internet of Things Global Summit on Thursday.
“How a company collects and uses consumer data, and what they tell a consumer, is not simply a privacy question, it is also a fundamental data security question,” said Rebecca Slaughter, FTC commissioner. “If I did not knowingly and willingly give you my data, no amount of cyber hygiene is going to make it secure. In many ways, I’ve already suffered a breach,” she said.
Slaughter called on consumers to have “meaningful, accurate information” about device security. She noted her concern about easily resolved problems like default passwords, called on companies to try and identify vulnerabilities in the testing phase, and clearly communicate about the lifespan of device updates.
She noted that the FTC had an “obvious enforcement mission” when it comes to IoT devices, but also highlighted the agency’s “facilitator of security innovation” role.
DHS is also trying to support security innovation, according to Thomas McDermott, deputy assistant secretary for cyber policy at the department.
“Almost two years ago, DHS issued a short guidance document that was called ‘Strategic Principles for Securing the Internet of Things,’ and the principles reflected in that document were a collection of largely existing best practices to advance the security around IoT devices, systems and networks,” said McDermott. “I think those principles really still hold true,” he added.
Slaughter noted the push for a national data privacy framework, but cautioned advocates of national preemption to “understand that it is not likely to be granted unless it is coupled with a meaningful and effective Federal regulatory regime. Specifically, the FTC would benefit from rulemaking authority, coupled with civil penalties, in the areas of data security and privacy.” She also advocated for the creation of a bureau of technology within FTC to consolidate technical expertise.
Both acknowledged the great potential of IoT devices, and encouraged their use, but heeded caution to the audience.
“The Internet of Things presents tremendous promise in terms of innovation and benefits for society, but the reality is that our dependence on network connected devices has fast outpaced our ability to secure them,” said McDermott.