So, where do we go from here? Now that the Internet of Things has been effectively used to crash various online stores and services, we are left with a question: how can we fix this gaping hole in our security so that this new technology can continue to exist without causing further risk? As mentioned last week, the most likely solutions lie either in the private sector, through consumer choice and manufacturer investment, or in government action. What actions should individuals take? What is the government doing now? What might the government do in the future?
What is the private sector currently doing?
The private sector is not doing much at this time. While consumers could demand more secure smart devices, demand for these devices tends to focus on how they function. In general, less sophisticated consumers buy smart devices for the sake of convenience, and security is a more distant thought for them than it is for more sophisticated consumers. These smart devices, like any other internet-connected device, occasionally need security updates to remain resistant to online bugs (i.e., malware). So, as the world becomes smarter, this technology will need to adapt and advance accordingly in order to mitigate the risks. Yet, without some motive to do so, resistance to botnets is less likely to emerge, and if it does emerge, it may be because of government intervention.
What is the government doing?
Currently, there is an array of executive orders and government programs that work to mitigate cybersecurity threats. These policies aim to share information covering critical areas, form commissions, and create orders to confiscate property and enforce sanctions against individuals who have interrupted network systems. These executive orders were designed to promote information sharing among the private and public sectors and the government. Specifically, the Federal Trade Commission has held conferences on the Internet of Things, but even then there has not been specific legislation for securing the Internet of Things against botnets and DDoS attacks. Instead, there has been more focus on the privacy of data pursuant to the applicable laws (e.g., Privacy Act of 1974) and the implementation of the Federal Information Security Incident Center.
Yet, all of this may be minor compared to what Congress could do by creating robust and updated legislation. Akin to certain requirements placed on other products sold within the United States, Congress could impose requirements on the sale of these products, such as mandating the capability for software updates, continued support, and increased security for network routers and similar electronic devices. However, it is unknown which organization should be in charge of this security procedure, although the Department of Homeland Security is a likely candidate, as it already has an Enhanced Cybersecurity Service.