Consumer Electronics Daily was a Warren News publication.

NTIA to Facilitate IoT Cybersecurity Upgrades Multistakeholder Process

NTIA said it’s beginning a new multistakeholder process via the Internet Policy Task Force on the cybersecurity upgradability of the IoT. The NTIA-facilitated process, which is to begin with an initial meeting in early fall, will focus on developing ways to improve consumers’ understanding of cybersecurity upgrades to IoT products, the agency said Tuesday. NTIA chose to proceed with the multistakeholder process in response to comments in both its recent IoT request for comment (see 1606020059) and the IPTF’s 2015 request for comment on cybersecurity issues (see 1506010055) that “identified security upgradability as an issue that required attention and coordination,” said Deputy Assistant Commerce Secretary-Communications and Information Angela Simpson in a blog post. She said that the process’ goal will be to “promote transparency in how patches or upgrades to IoT devices and applications are deployed. Potential outcomes could include a set of common, shared terms or definitions that could be used to standardize descriptions of security upgradability or a set of tools to better communicate security upgradability.” There are instances in the IoT space where there has been “limited consideration for supporting future security patches, even though many devices will eventually need them,” Simpson said. “Enabling a thriving market for devices that support security upgrades requires common definitions so consumers know what they are getting.” No common definitions on IoT cybersecurity upgrades currently exist “and manufacturers can struggle to effectively communicate to consumers the security features of their devices,” she said.