From smart homes and self-driving vehicles to drones and healthcare monitoring, Internet of Things (IoT) capabilities are a hot topic for both manufacturers and consumers. The most recent episode of Kelley Drye’s Full Spectrum podcast spotlights one of the key areas for everyone involved – maintaining security of IoT devices. Partners John Heitmann and Steve
At the end of July, the National Institute for Standards and Technology (“NIST”) released draft cybersecurity guidance for IoT device manufacturers. The document, titled Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, is intended, according to NIST, identify the cybersecurity features that IoT devices should have “to make them at least minimally securable by the individuals and organizations who acquire and use them.” The NIST document is not a rule or requirement for IoT devices, but rather is a continuation of NIST’s effort to foster the development and application of voluntary standards, guidelines, and related tools to improve the cybersecurity of connected devices.
NIST is seeking comment on the document through September 30 of this year and it held a workshop in August for interested parties to discuss the document. In a prior post, I blogged on takeaways from that workshop. Now, it’s time to take a closer look at the NIST document itself.
Connected devices already are making headway into business and consumer markets. “Smart” speakers, video doorbells, remote programmable thermostats and other devices are increasing in popularity in homes across the United States. Major automakers and startups are pursuing self-driving cars and the “passenger economy.” Businesses are using IoT capabilities to enhance preventive maintenance, to track assets through the production cycle and to gain insights into consumer behavior.
Now, the federal government is trying to provide resources for businesses engaged in the Internet of Things (“IoT”) economy. Building on guidelines it established for cybersecurity generally and IoT cybersecurity specifically, the National Institute for Standards and Technology (“NIST”), a division of the U.S. Department of Commerce, held a workshop for manufacturers on securing IoT devices. I attended the workshop and these are my principal takeaways from the meeting.
The FCC’s Spectrum Frontiers proceeding, which is focused on making millimeter wave (“mmW”) spectrum available for flexible commercial mobile and fixed use, seems poised to move into a new phase even as the current phase is playing out. At its next meeting on December 12, 2018, the agency will vote on rule changes to facilitate a consolidated auction of spectrum in three spectrum ranges designated in 2016 and 2017 for flexible mobile and fixed use: the so-called Upper 37 GHz Band (37.6-38.6 GHz), the 39 GHz Band (38.6-40.0 GHz), and the 47 GHz Band (47.2-48.2 GHz). The FCC reportedly anticipates completing the auctions by the end of 2019, following the present auction of 28 GHz Band licenses (in 27.50-28.35 GHz) and the immediately-following auction of 24 GHz Band spectrum (in 24.25-24.45 and 24.75-25.25 GHz). A draft order has been made available to the public.
Of particular interest, the recently released draft item would lay the groundwork for the FCC’s second incentive auction (after the “inaugural” broadcast incentive auction completed in March 2017). A 39 GHz incentive auction would be structured quite differently than the 600 MHz broadcast incentive auction and attempt to reduce encumbrances in the 39 GHz Band by offering existing licensees the option to relinquish their licenses in exchange for payment. The FCC leadership appears bullish that the three auctions will draw significant interest from major service providers looking to support next-generation applications, including 5G wireless connectivity and the Internet of Things. Naturally, the first-in-time 24 and 28 GHz auctions may give some sense in advance of that interest. Through November 26, 2018, after 18 rounds, the 28 GHz Band auction had generated under $200 million in bids, albeit that spectrum is encumbered in many of the largest markets and in slightly more than 50% of all counties nationwide, including the most populous. The 24 GHz Band auction may prove a much better test of the appetite for participants to pay high prices for so-called “high band” spectrum.
Responding to demands by high tech companies for more so-called “mid-band” unlicensed spectrum to augment that already made available in the 5 GHz Band, which accommodates Wi-Fi, Internet of Things (“IoT”), and other Unlicensed National Information Infrastructure (“U-NII”) applications as well as Licensed Assisted Access and LTE-Unlicensed solutions, the FCC will vote on a draft Notice of Proposed Rulemaking (“NPRM”) at its October 26 Open Meeting to make up to 1200 megahertz of nearby spectrum available for similar purposes. The draft leaves no doubt that, to make the 5.925-7.125 GHz band (the “6 GHz Band”) available for unlicensed use, sophisticated sharing mechanisms will need to be in place. Various parts of this frequency range are already used by fixed, mobile, and satellite services, and the draft item commits to protecting these incumbents and allowing these services to grow while at the same time opening the band to increased numbers of unlicensed devices. To achieve this, the Commission is considering drawing upon its experience with white spaces and the Citizens Broadband Radio Service (at 3550-3750 MHz), and would seek comment on numerous subjects before adopting rules. The draft item would be a stepping stone to enabling unlicensed devices to operate with wider bandwidths and higher data rates, which the Commission hopes would set off a new wave of innovation in consumer devices complementing its recent moves to spur the rollout of next-generation 5G networks. The NPRM, when adopted, will be sure to generate a wave of comments from both equipment manufacturers and broadband providers hungry for more spectrum as well as incumbent public safety organizations, utilities, satellite companies, and various other fixed and mobile services licensees seeking to protect and hoping to expand their existing operations in the 6 GHz Band, particularly as relocation options for other similar spectrum are increasingly scarce.
On July 18, 2017, the National Telecommunications and Information Administration (“NTIA”) hosted a virtual meeting of its multistakeholder process to address Internet of Things (“IoT”) patching and security upgrades. The July 18th meeting represents the fourth gathering of multistakeholders in this process.
During the July 18th meeting, four working groups presented: (1) the Communicating Upgradability and Improving Transparency working group; (2) the Incentives, Barriers, and Adoption working group; (3) the Standards working group; and (4) the Technical Capabilities and Patching Expectations working group.
Kelley Drye is excited to support the next Presidio Forum on “Securing (and Regulating) the Internet of Things: Policy, Innovation & Investment,” in San Francisco on June 20, 2017. The forum will present a candid discussion exploring today’s expanding IoT threat landscape, continued rise of regulatory interests and the increasing venture capital investment for IoT…