CTA Urges CPSC to Focus on IoT Device Safety, Not ‘Broader’ Cybersecurity Risks
A product hazard “enabled by connectivity is not simply a product hazard” but also a “cybersecurity risk,” said CTA in comments, posted Wednesday in docket CPSC-2018-0007 on the Consumer Product Safety Commission's review of potential safety issues and hazards associated with IoT devices (see 1803290032). Internet-connected consumer devices can give hackers “a connected entry point through a vulnerable device to a potentially vulnerable network,” said CTA. “CPSC can play a unique and valuable role with respect to the IoT, but it should not aim to do so alone,” said the group. “The agency should seek to bring its expertise regarding product safety to broader public, private, and joint public-private efforts directed at improving IoT safety and security.” It urged a “focus on product safety, rather than broader cybersecurity risks.” The Retail Industry Leaders Association agrees the commission “must take care not to conflate issues that clearly fall within the agency’s statutory authority and those that do not,” it commented. “Threat of hackers stealing personal data is real, alarming and could cause major damage to consumers,” said RILA, which represents Best Buy, Walmart and other big-box retailers. But the CPSC “has no statutory jurisdiction over privacy data and security,” it said. “That responsibility belongs to the FTC.”