Microsoft recently filed comments with the U.S. Department of Commerce and the National Telecommunications and Information Administration (NTIA) on the benefits, challenges, and potential roles for the government in fostering the advancement of IoT, which can be read here. In addition to commending NTIA for undertaking this timely public consultation and for providing comments received for public review, I wanted to summarize Microsoft’s policy perspectives and recommendations.
Microsoft’s comments encourage policymakers to more broadly support efforts that will advance consumer and enterprise trust in IoT technology and help IoT realize its full potential. The government should encourage initiatives that recognize and emphasize the following:
- Best practices for IoT cybersecurity that are appropriately scoped to the roles of different actors in the IoT ecosystem.
- Modernization of traditional privacy frameworks, such as the “notice and consent” framework, to increase the focus on transparency, context, and consumer expectations for scenarios where notice and consent are impractical.
- Support for industry-led efforts to develop open, voluntary, consensus-based, and globally-relevant standards that promote innovation and preserve interoperability, to ensure new IoT systems and legacy technology systems can work together.
- International engagement that takes into account other countries’ IoT strategies and initiatives as well as international trade commitments.
To put these policy priorities into action, Microsoft offers three recommendations for the government:
- Create an IoT interagency task force. This task force can coordinate with existing organizational bodies to foster balanced perspectives between security, economic benefits, and potential risks. Participants from across government agencies would set milestones for completion, particularly focusing on 1) directing the update of federal strategic documents to consider the security aspects of the explosive growth and reliance on IoT; 2) directing the update of existing awareness and training programs; 3) encouraging and incentivizing academia to develop curricula focused on IoT and security challenges; and 4) encouraging engagement in appropriate international forums for standards and policy development.
- Convene and facilitate a government and industry standing body. Through a public-private standing body, key stakeholders can coordinate, collaborate and leverage the various industry IoT consortia to develop, update, and maintain IoT deployment guidelines to manage cybersecurity implications and risks. This body would adopt an international perspective that takes into account the significant work on IoT-related standards outside of traditional channels in standards development organizations.
- Review current research and development (R&D) investments and recommend future R&D funding for fundamental IoT security and cyber-physical security research. The Office of Science and Technology Policy should review R&D funding and investments, specifically for fundamental IoT and cyber-physical security research, and help ensure the R&D projects are addressing evolving cybersecurity challenges.
Governments have an important role in ensuring that IoT innovations continue. Microsoft looks forward to continuing to work with NTIA to address the benefits and challenges of IoT in the future. For more details on Microsoft’s approach to IoT security, please download our recent white paper, Securing Your Internet of Things from the Ground Up, and visit www.InternetofYourThings.com if you would like to learn more about Microsoft’s role in the IoT ecosystem.