On December 4, 2020, President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The legislation, H.R. 1668, passed the House in September and the Senate in November.

The Internet of Things Cybersecurity Improvement Act of 2020 draws upon work that the National Institute of Standards and Technology (“NIST”) has been doing to address cybersecurity for IoT devices. Referencing work done over the Summer on IoT Device Cybersecurity, the Act directs NIST to issue standards for the “appropriate use and management” of IoT devices owned or controlled by federal agencies. NIST, which already was working on the federal profile of IoT uses, is directed to issue these guideline by March 4, 2021. Within 6 months of that date, the Office of Management and Budget is to review agency information security policies and principles based upon NIST’s guidelines. And, adding a hammer to the incentives, federal government acquisition standards are to be revised to implement these standards. In other words, federal contractors will be required to adhere to the NIST standards in IoT devices sold to the federal government.


Continue Reading President Signs IoT Cybersecurity Act of 2020

Join Partner Steve Augustino and the FCBA’s Internet of Things committee for “Furthering U.S. Drone Operations: An Update on FAA and Spectrum Policy Developments,” a virtual CLE on Monday, June 15th from 3:00  – 5:10 p.m. Steve will moderate the first of two panels. His session,  “Furthering UAS Deployment in U.S. Airspace,” will provide an

On February 28, 2020, at its Open Meeting, the FCC voted to commence a rulemaking to examine the rebalancing of many technical rules governing the deployment of fixed and certain mobile, unlicensed white space devices in the television bands (in and around the 600 MHz range) to increase opportunities for relatively long-distance connectivity in rural and underserved areas, such as for wireless broadband solutions or applications associated with the Internet of Things (“IoT”), although there are no application restrictions on white space devices per se. The rule changes are proposed only in those frequencies below TV channel 35, and so exclude the 600 MHz duplex gap and the 600 MHz service band. The text of the Notice of Proposed Rulemaking (“NPRM”) was promptly released on March 2. Comments are due 30 days after Federal Register publication with replies due sixty days after publication, which has not yet occurred.

Continue Reading FCC Opens Proceeding to Reinvigorate Opportunities for TV White Space Devices

From smart homes and self-driving vehicles to drones and healthcare monitoring, Internet of Things (IoT) capabilities are a hot topic for both manufacturers and consumers. The most recent episode of Kelley Drye’s Full Spectrum podcast spotlights one of the key areas for everyone involved – maintaining security of IoT devices. Partners John Heitmann and Steve

At the end of July, the National Institute for Standards and Technology (“NIST”) released draft cybersecurity guidance for IoT device manufacturers. The document, titled Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, is intended, according to NIST, identify the cybersecurity features that IoT devices should have “to make them at least minimally securable by the individuals and organizations who acquire and use them.” The NIST document is not a rule or requirement for IoT devices, but rather is a continuation of NIST’s effort to foster the development and application of voluntary standards, guidelines, and related tools to improve the cybersecurity of connected devices.

NIST is seeking comment on the document through September 30 of this year and it held a workshop in August for interested parties to discuss the document. In a prior post, I blogged on takeaways from that workshop. Now, it’s time to take a closer look at the NIST document itself.


Continue Reading Securing IoT Devices (Part 2): Inside the NIST Guidance Document for IoT Device Manufacturers

Connected devices already are making headway into business and consumer markets. “Smart” speakers, video doorbells, remote programmable thermostats and other devices are increasing in popularity in homes across the United States. Major automakers and startups are pursuing self-driving cars and the “passenger economy.” Businesses are using IoT capabilities to enhance preventive maintenance, to track assets through the production cycle and to gain insights into consumer behavior.

Now, the federal government is trying to provide resources for businesses engaged in the Internet of Things (“IoT”) economy. Building on guidelines it established for cybersecurity generally and IoT cybersecurity specifically, the National Institute for Standards and Technology (“NIST”), a division of the U.S. Department of Commerce, held a workshop for manufacturers on securing IoT devices. I attended the workshop and these are my principal takeaways from the meeting.


Continue Reading Securing IoT Devices: Lessons from a NIST Workshop

The FCC’s Spectrum Frontiers proceeding, which is focused on making millimeter wave (“mmW”) spectrum available for flexible commercial mobile and fixed use, seems poised to move into a new phase even as the current phase is playing out. At its next meeting on December 12, 2018, the agency will vote on rule changes to facilitate a consolidated auction of spectrum in three spectrum ranges designated in 2016 and 2017 for flexible mobile and fixed use:  the so-called Upper 37 GHz Band (37.6-38.6 GHz), the 39 GHz Band (38.6-40.0 GHz), and the 47 GHz Band (47.2-48.2 GHz). The FCC reportedly anticipates completing the auctions by the end of 2019, following the present auction of 28 GHz Band licenses (in 27.50-28.35 GHz) and the immediately-following auction of 24 GHz Band spectrum (in 24.25-24.45 and 24.75-25.25 GHz). A draft order has been made available to the public.

Of particular interest, the recently released draft item would lay the groundwork for the FCC’s second incentive auction (after the “inaugural” broadcast incentive auction completed in March 2017). A 39 GHz incentive auction would be structured quite differently than the 600 MHz broadcast incentive auction and attempt to reduce encumbrances in the 39 GHz Band by offering existing licensees the option to relinquish their licenses in exchange for payment. The FCC leadership appears bullish that the three auctions will draw significant interest from major service providers looking to support next-generation applications, including 5G wireless connectivity and the Internet of Things. Naturally, the first-in-time 24 and 28 GHz auctions may give some sense in advance of that interest. Through November 26, 2018, after 18 rounds, the 28 GHz Band auction had generated under $200 million in bids, albeit that spectrum is encumbered in many of the largest markets and in slightly more than 50% of all counties nationwide, including the most populous. The 24 GHz Band auction may prove a much better test of the appetite for participants to pay high prices for so-called “high band” spectrum.


Continue Reading FCC Issues Draft Order on Next Spectrum Frontiers Auction

Responding to demands by high tech companies for more so-called “mid-band” unlicensed spectrum to augment that already made available in the 5 GHz Band, which accommodates Wi-Fi, Internet of Things (“IoT”), and other Unlicensed National Information Infrastructure (“U-NII”) applications as well as Licensed Assisted Access and LTE-Unlicensed solutions, the FCC will vote on a draft Notice of Proposed Rulemaking (“NPRM”) at its October 26 Open Meeting to make up to 1200 megahertz of nearby spectrum available for similar purposes. The draft leaves no doubt that, to make the 5.925-7.125 GHz band (the “6 GHz Band”) available for unlicensed use, sophisticated sharing mechanisms will need to be in place. Various parts of this frequency range are already used by fixed, mobile, and satellite services, and the draft item commits to protecting these incumbents and allowing these services to grow while at the same time opening the band to increased numbers of unlicensed devices. To achieve this, the Commission is considering drawing upon its experience with white spaces and the Citizens Broadband Radio Service (at 3550-3750 MHz), and would seek comment on numerous subjects before adopting rules. The draft item would be a stepping stone to enabling unlicensed devices to operate with wider bandwidths and higher data rates, which the Commission hopes would set off a new wave of innovation in consumer devices complementing its recent moves to spur the rollout of next-generation 5G networks. The NPRM, when adopted, will be sure to generate a wave of comments from both equipment manufacturers and broadband providers hungry for more spectrum as well as incumbent public safety organizations, utilities, satellite companies, and various other fixed and mobile services licensees seeking to protect and hoping to expand their existing operations in the 6 GHz Band, particularly as relocation options for other similar spectrum are increasingly scarce.

Continue Reading FCC Aims to Open up 6 GHz Band for Unlicensed Use While Protecting Incumbents through Automated Sharing Features and Other Restrictions

On July 18, 2017, the National Telecommunications and Information Administration (“NTIA”) hosted a virtual meeting of its multistakeholder process to address Internet of Things (“IoT”) patching and security upgrades.  The July 18th meeting represents the fourth gathering of multistakeholders in this process.

During the July 18th meeting, four working groups presented: (1) the Communicating Upgradability and Improving Transparency working group; (2) the Incentives, Barriers, and Adoption working group; (3) the Standards working group; and (4) the Technical Capabilities and Patching Expectations working group.


Continue Reading NTIA Holds Virtual Meeting of Multistakeholder Process on Internet of Things Security Upgradability and Patching

Kelley Drye is excited to support the next Presidio Forum on “Securing (and Regulating) the Internet of Things: Policy, Innovation & Investment,” in San Francisco on June 20, 2017.  The forum will present a candid discussion exploring today’s expanding IoT threat landscape, continued rise of regulatory interests and the increasing venture capital investment for IoT