Policy study: Markets, not mandates, will secure the internet of things
“In order to maximize the benefits of the IoT, we must develop a policy framework that is able to keep up with these evolving and expanding threats and that can address the damage caused when security measures fail,” Adams said. “But before any government intervention is undertaken, we should allow security standards to develop spontaneously rather than imposing prescriptive regulation.”
The authors note IoT governance is gradually taking shape through individual actions and the interaction of networks, governments and markets. Currently, it is not clear how the landscape will evolve or which actors will gain prominence in the governance of IoT security, though there are significant reasons to be skeptical of efforts to impose a restrictive regulatory regime on the rapidly-evolving IoT ecosystem.
In fact, the IoT security landscape already includes many market mechanisms that can succeed where government action, with its structural limitations, would not. Recognizing that it would be ill-advised to impose a one-size-fits-all regulatory regime, the authors argue that policymakers should encourage these mechanisms, while simultaneously allowing private and multistakeholder standards to develop.
“This is not to say that government cannot take any productive actions in the near term that affect the broader landscape,” Kane said. “For instance, it would be entirely appropriate to clarify existing rules to remove barriers to vulnerability research. But let’s allow the market some time to calibrate to the new terrain. Doing so will maximize innovative use cases for IoT technology, while allowing security practices to be flexible and responsive. While this approach may mean tolerating some near-term failures, in the long run, it is the most likely to maximize the scope of the technology’s benefits.”