cyber security

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on Oct. 14, 2018. This was developed by the DCMS in conjunction with the National Cyber Security Centre, and follows engagement with industry, consumer associations, and academia. The aim of the Code is to provide guidelines on how to achieve a “secure by design” approach, to all organizations involved in developing, manufacturing, and retailing consumer Internet of Things ‘IoT’ products. Each of the thirteen guidelines are marked as primarily applying to one or more of device manufacturers, IoT service providers, mobile application developers and/or retailers categories.

The Code brings together what is widely considered good practice in IoT security. At the moment, participation in the Code is voluntary, but it has the aim of initiating and facilitating security change through the entire supply chain and compliance with applicable data protection laws. The Code is supported by a supplementary mapping document, and an open data JSON file which refers to the other main industry standards, recommendations and guidance.  Ultimately, the Government’s ambition is for appropriate aspects of the Code to become legally enforceable and has commenced a mapping exercise to identify the impact of regulatory intervention and necessary changes.Continue Reading IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

Two hundred billion IoT devices could be in use by 2020, according to one estimate cited in the World Economic Forum’s recent report, Mitigating Risk in the Innovation Economy.  This rapid integration of the digital world and the physical world presents unprecedented opportunities for businesses in a wide array of industries.  But it also

On 14 February 2013, ENISA announced the release of a new report titled “Critical Cloud Computing – A CIIP Perspective on Cloud Computing Services”. The report sets out new cyber-security measures for cloud providers and users to implement when protecting “CII systems” against outages, disruptions and cyber-attacks.  “CII systems” are described as IT systems that are either a) critical infrastructure themselves (such as e-health platforms), or b) essential for the operation of other critical infrastructures (such as emergency call centres).

The report, which complements existing cyber-security and critical infrastructure documents published by the EU and Commission, including the Commission’s CIIP Action Plan and the EU’s new Cybersecurity Strategy, focuses on measures to protect financial, health, eGovernment and cloud service provider critical infrastructure.  The report recommends:Continue Reading The European Network and Information Security Agencies (ENISA) Releases New Cyber-Security Cloud Computing Recommendations