Have You Updated Your Toaster? Transatlantic Approaches to Governing the Internet of Everything
51 Pages Posted: 25 Jul 2018 Last revised: 7 Apr 2020
Date Written: July 4, 2018
Abstract
There is a great deal of buzz surrounding the Internet of Things (IoT), which is the notion, simply put, that nearly everything not currently connected to the Internet from gym shorts to streetlights soon will be. The rise of “smart products” such as Internet-enabled refrigerators and self-driving cars holds the promise to revolutionize business and society. To substantiate the coming wave, Samsung has announced that all of its products would be connected to the Internet by 2020. Yet it is an open question whether security can or will scale along with this increasingly crowded field, or whether a combination of perverse incentives, increasing complexity, new problems, and new impacts of old problems like “technical debt” amassing from products being rushed to market, will derail progress and exacerbate cyber insecurity. This Article investigates contemporary approaches to IoT security through an in-depth comparative case study focusing on the European Union and the United States. Particular attention is paid to the impact of the General Data Protection Regulation (GDPR) and the Network Information Security (NIS) Directive in the EU, and influence of the National Institute for Standards and Technology (NIST) Cybersecurity Framework, and other leading standards, on IoT security with a focus on mitigating the risk of politically motivated attacks. We analyze transatlantic reform proposals — including the U.S. Internet of Things (IoT) Cybersecurity Improvement Act of 2017 and the potential for a dedicated NIST Framework for IoT security given the international success of the NIST CSF — and argue for a polycentric approach to boosting IoT securing across both jurisdictions by applying lessons from major Internet governance debates.
Keywords: Cybersecurity, Internet Of Things, GDPR, NIS Directive
Suggested Citation: Suggested Citation