From smart homes and self-driving vehicles to drones and healthcare monitoring, Internet of Things (IoT) capabilities are a hot topic for both manufacturers and consumers. The most recent episode of Kelley Drye’s Full Spectrum podcast spotlights one of the key areas for everyone involved – maintaining security of IoT devices. Partners John Heitmann and Steve
At the end of July, the National Institute for Standards and Technology (“NIST”) released draft cybersecurity guidance for IoT device manufacturers. The document, titled Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, is intended, according to NIST, identify the cybersecurity features that IoT devices should have “to make them at least minimally securable by the individuals and organizations who acquire and use them.” The NIST document is not a rule or requirement for IoT devices, but rather is a continuation of NIST’s effort to foster the development and application of voluntary standards, guidelines, and related tools to improve the cybersecurity of connected devices.
NIST is seeking comment on the document through September 30 of this year and it held a workshop in August for interested parties to discuss the document. In a prior post, I blogged on takeaways from that workshop. Now, it’s time to take a closer look at the NIST document itself.
Connected devices already are making headway into business and consumer markets. “Smart” speakers, video doorbells, remote programmable thermostats and other devices are increasing in popularity in homes across the United States. Major automakers and startups are pursuing self-driving cars and the “passenger economy.” Businesses are using IoT capabilities to enhance preventive maintenance, to track assets through the production cycle and to gain insights into consumer behavior.
Now, the federal government is trying to provide resources for businesses engaged in the Internet of Things (“IoT”) economy. Building on guidelines it established for cybersecurity generally and IoT cybersecurity specifically, the National Institute for Standards and Technology (“NIST”), a division of the U.S. Department of Commerce, held a workshop for manufacturers on securing IoT devices. I attended the workshop and these are my principal takeaways from the meeting.
By unanimous vote, the FCC launched a rulemaking this past week to consider allocating the 1675-1680 MHz band for co-primary use by flexible commercial terrestrial fixed and mobile operators with incumbent federal operators. The Notice of Proposed Rulemaking (“NPRM”), released on Monday, May 13, is, in many fundamental ways, similar to a proposal Ligado first made in a 2012 petition for rulemaking, with adjustments over the years, seeking to allow terrestrial mobile operations in the 1675-1680 MHz band.
It’s once again full speed ahead on spectrum and 5G deployment at the FCC, as the agency plans to take action at its next open meeting scheduled for April 12, 2019 on a slew of measures aimed at making additional millimeter wave (“mmW”) frequencies available to support 5G wireless technologies, the Internet of Things, and other advanced services. Topping the agenda, the agency expects to propose procedures for the simultaneous auction of spectrum for commercial wireless services in three mmW bands encompassing 3400 megahertz. As we previously reported, the proposal would clear the way for the FCC’s second-ever incentive auction (the first being the March 2017 broadcast spectrum incentive auction) designed to clear out incumbent licensees by offering payments in exchange for relinquishing current spectrum holdings. The agency also anticipates reforming access to mmW bands to facilitate the auction and extending long-standing protections for over-the-air reception devices (“OTARD”) to hub and relay antennas essential to 5G network deployment. Rounding out the major actions on the April agenda, the FCC plans to forbear from certain legacy long-distance regulations in the face of increased competition and eliminate the controversial rural “rate floor” for high cost universal service support.
You will find more details on the significant April meeting items after the break:
Responding to demands by high tech companies for more so-called “mid-band” unlicensed spectrum to augment that already made available in the 5 GHz Band, which accommodates Wi-Fi, Internet of Things (“IoT”), and other Unlicensed National Information Infrastructure (“U-NII”) applications as well as Licensed Assisted Access and LTE-Unlicensed solutions, the FCC will vote on a draft Notice of Proposed Rulemaking (“NPRM”) at its October 26 Open Meeting to make up to 1200 megahertz of nearby spectrum available for similar purposes. The draft leaves no doubt that, to make the 5.925-7.125 GHz band (the “6 GHz Band”) available for unlicensed use, sophisticated sharing mechanisms will need to be in place. Various parts of this frequency range are already used by fixed, mobile, and satellite services, and the draft item commits to protecting these incumbents and allowing these services to grow while at the same time opening the band to increased numbers of unlicensed devices. To achieve this, the Commission is considering drawing upon its experience with white spaces and the Citizens Broadband Radio Service (at 3550-3750 MHz), and would seek comment on numerous subjects before adopting rules. The draft item would be a stepping stone to enabling unlicensed devices to operate with wider bandwidths and higher data rates, which the Commission hopes would set off a new wave of innovation in consumer devices complementing its recent moves to spur the rollout of next-generation 5G networks. The NPRM, when adopted, will be sure to generate a wave of comments from both equipment manufacturers and broadband providers hungry for more spectrum as well as incumbent public safety organizations, utilities, satellite companies, and various other fixed and mobile services licensees seeking to protect and hoping to expand their existing operations in the 6 GHz Band, particularly as relocation options for other similar spectrum are increasingly scarce.
On July 18, 2017, the National Telecommunications and Information Administration (“NTIA”) hosted a virtual meeting of its multistakeholder process to address Internet of Things (“IoT”) patching and security upgrades. The July 18th meeting represents the fourth gathering of multistakeholders in this process.
During the July 18th meeting, four working groups presented: (1) the Communicating Upgradability and Improving Transparency working group; (2) the Incentives, Barriers, and Adoption working group; (3) the Standards working group; and (4) the Technical Capabilities and Patching Expectations working group.
Kelley Drye is excited to support the next Presidio Forum on “Securing (and Regulating) the Internet of Things: Policy, Innovation & Investment,” in San Francisco on June 20, 2017. The forum will present a candid discussion exploring today’s expanding IoT threat landscape, continued rise of regulatory interests and the increasing venture capital investment for IoT…