CommLaw Group IoT Attorney Ron Quirk, today published an article in IoT Journal: FCC to IoT Device Vendors: Implement Cybersecurity Now or We May Force You To. The Federal Communications Commission (“FCC”) has just announced that it should require “cyber accountability” of IoT equipment suppliers. Cyber accountability – a combination of market-based incentives and regulatory oversight – is intended to to reduce cyber risks in the IoT ecosystem by, among other things, increasing the responsibility of IoT device suppliers to implement cybersecurity measures when designing their products.
“The FCC avers that regulatory oversight . . . would likely be required, in part because of the “large and diverse numbers of IoT vendors – who are driven by competition to keep prices low – hinders coordinated efforts to build security by design into the IoT on a voluntary basis.” Accordingly, the FCC states that, among other things, changes to its equipment certification rules may be necessary to protect networks from IoT and other RF devices’ security risks.”
The FCC recently published a notice of inquiry, kicking off a regulatory proceeding in which a wide variety of IoT stakeholders, including RF equipment suppliers, can opine on various cybersecurity matters and help shape the future rules. For IoT equipment suppliers, a key issue is whether and to what extent RF device suppliers should be responsible for securing their products, and their potential liabilities to third parties for breaches. Comments may include, for example, information as to market practices and conditions that mitigate the need for regulatory oversight. Comments are due by Apr. 24, 2017, and reply comments are due by May 23, 2017.