Brief session description:
Monday, July 24, 2017 – This panel took place during the afternoon session of IGF-USA 2017 at the Center for Strategic and International Studies in Washington, D.C. Read the print story and see video highlights on this page. You can view the full, archived video of this panel session here.
IoT devices and their implementations can create weaknesses that compromise the security of individuals, homes, businesses and industrial control systems. Global efforts such as the IGF Internet of Things Dynamic Coalition can help to frame and manage risks in the IoT ecosystem. The panel discussed potential vulnerabilities and ways to mitigate risks when low-cost or high-longevity devices, some with no security or with software that is not designed to be updated or not supported, are installed in a network, potentially creating the weakest link in terms of overall Internet security.
Details of the session:
The session was moderated by Dan Caprio, co-founder and executive chairman of The Providence Group privacy and cybersecurity consultancy and former chief privacy officer and deputy assistant secretary at the US Commerce Department. Other panelists included:
- Evelyn Remaley, a leader of cybersecurity efforts in the Office of Policy Analysis and Development of the US National Telecommunications and Information Administration, formerly with Booz Allen Hamilton as a consultant working with federal agencies such as the Defense Department and Department of Homeland Security on cybersecurity issues
- Adiel Akplogan, vice president for technical engagement with the Internet Corporation for Assigned Names and Numbers (ICANN), previously CEO for AFRINIC (The African Network Information Centre), known as one of the Internet pioneers of Africa
- Anne Hobson, associate fellow of the R Street Institute, specializing in free-market approaches to emerging technologies, including virtual reality, artificial intelligence, the internet of things and the sharing economyowns, the open Internet, cybersecurity and ensuring that fundamental human rights are respected online
- Julie Kearney, vice president of regulatory affairs for the Consumer Technology Association, the technology trade association representing the $292 billion US consumer technology industry
- Nathan Wineinger, director of policy relations at the 21st Century Wilberforce Initiative
Panelists examined the difficult path multistakeholders face in the development of the Internet of Things (IoT). There are myriad challenges facing the emerging IoT, and all sectors must work together to come up with policy addressing those issues, which include cybersecurity, privacy, manageability, legality and consumer participation.
In her opening remarks at the afternoon breakout session, Anne Hobson of the R Street Institute noted that she was excited to see “holistic” in the title “because it recognizes this complex global nature” of the IoT and its emerging obstacles.
“The scale and nature of these devices create a unique problem because of the insecurity of one device and how that affects the security of the ecosystem as a whole,” she said. “My goal here is that I want you to understand that it’s a distributive problem, and that a distributed problem over time requires a distributed solution by many, many stakeholders.”
The panelists shared their opinions on what they believe the role of the government should be in determining the outcomes of policy challenges related to industry developments. Hobson said the problems facing the Internet of Things would not be solved in one fell swoop of policy, but in “5-percent solutions” from all stakeholders who come together.
“The threat of today are not the threats of tomorrow,” she said. “Solutions will have to constantly evolve.”
Evelyn Remaley of the NTIA’a Office of Policy Analysis and Development (OPAD) emphasized the importance of cooperation and communication in determining effective solutions.
“It’s going to be a process, and that is what we are trying to do as part of this tasking: to get together the good, positive ideas to determine what governance structures we might need to put in place to bring the right people together,” Remaley said. “There’s no one side of the ecosystem that’s going to solve this. … It really needs to be all the players in the room together.”
According to Julie Kearney, vice president of regulatory affairs at the Consumer Technology Association, manufacturers and merchandisers must work with their government counterparts in order to follow through on the IoT’s premise of improving lives.
“We’re working with our government counterparts. We need to look at ways to ensure that hackers are not violating the trust built around the IoT,” Kearney said. “So, really, we have the twin goals of promoting consumer confidence and trust and preserving the maximum ability to innovate and to express one’s self.”
Kearney also said that the government and the industry have a symbiotic relationship when it comes to determining policy concerning new technology.
“Government agencies play a critical role in that it’s a symbiotic relationship with industries,” Kearney said. “Government needs industry to help figure out where the flaws are, and we need government, so I do feel there’s a symbiosis there that’s important.”
When it comes to governmental intervention in technology policies, specifically those pertaining to the IoT, Remaley said that their analysis of feedback from stakeholders has helped guide them in terms of what the federal government’s level of involvement should be.
“Although IoT has the same challenges that we’ve already seen across the Internet ecosystem, there is something new to be looked at in terms of the scope and scale of what’s happening out there,” she said.
Remaley recalled the beginnings of the Internet itself, when the federal government and Department of Commerce let the market lead. They found that with the IoT, the best course of action was to follow trends set decades ago, of allowing the market to grow, evolve and solve problems on their own before “having government rush in,” she said.
Panelists also agreed that consumers have an important role in the development of the Internet of Things.
Adiel A. Akplogan, vice president for technical engagement at ICANN, said that consumers have a specific responsibility to be aware of the Internet of Thing’s data risks. The reasoning is simple: Because when they are more aware, consumers can demand higher standards from their vendors. But in order to have that knowledge, Akplogan said, companies have a responsibility to make information understandable for their customers.
“People must understand what they are reading in a simple way, in a nontechnical way,” he said.
Nathan Wineinger of the 21st Century Wilberforce Initiative explained that companies need to be aware of how technology affects and plays a role in people’s daily lives in order to create technology that will make their lives easier.
Wineinger urged attendees to consider the multistakeholder process as a multisector process as well.
“I just encourage continued alignment with different frames that other sectors understand, that other sectors use so that it isn’t just siloed within the tech community,” Wineinger said.
Kearney concluded that the Internet of Things is meant to be inclusive and interconnected as it continues to develop in valuable ways.
“We cannot let the bad actors destroy or degrade the benefits of the IoT and through our collaborative efforts, we can continue to reap the benefits,” she said.
– By Christina Elias
The multimedia reporting team for Imagining the Internet at IGF-USA 2017 included the following Elon University School of Communications students, staff and faculty:
Janna Anderson, Bryan Baker, Camille Behnke, Liam Collins, Diego Pineda Davila, Colin Donohue, Maya Eaglin, Christina Elias, Meagan Gitelman, Alex Hager, Tommy Kopetskie, Deirdre Kronschnabel, Jared Mayerson, Emmanuel Morgan, Grace Morris, Jackie Pascale, Mariah Posey, Alexandra Roat, Ginna Royalty, Alexandra Schonfeld, Jamie Snover, Erik Webb, Brooke Wivagg