cybersecurity

On March 11, 2019, a bipartisan group of lawmakers including Sen. Mark Warner and Sen. Cory Gardner introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The Act seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up cybersecurity requirements for IoT devices purchased and used by the federal government, with the aim of affecting cybersecurity on IoT devices more broadly.
Continue Reading Senate Reintroduces IoT Cybersecurity Improvement Act

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft project on securing sensor networks for the Internet of Things (“IoT”). Organizations and individuals concerned with the security of IoT sensor networks are invited to comment on the draft through March 18, 2019.

Sensor networks are integral parts of many modern
Continue Reading NIST Seeks Comment on Security for IoT Sensor Networks

Updated (5/3/2018)

On April 17, the Federal Communications Commission (“FCC”) broke new ground in the agency’s role in national security policy by voting unanimously to approve a Notice of Proposed Rulemaking captioned “Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs” (the “NPRM”).  The deadline for filing comments is June 1, 2018, and reply comments are due July 2, 2018.

As the title indicates, the NPRM seeks comment on a framework to reduce supply chain risks for telecommunications equipment and services deployed throughout the country. The item acknowledges a specific role for the FCC in this arena: to ban use of Universal Service Fund (“USF”) subsidies in ways that undermine or pose a threat to national security. In short, the FCC proposes to use the power of the purse—in the case of USF, about $9 billion in subsidies per year—to dissuade companies from using equipment sourced from companies or countries that pose a national security concern.

Although the approach is narrow in scope, in practice the NPRM could produce a final rule that would significantly affect the selections of equipment and services by some USF recipients, particularly rural and smaller providers who reportedly are more likely to have purchased equipment from targeted suppliers. Additionally, as explained below, this proposed rule could affect USF recipients that do not use prohibited equipment and service providers, depending on whether some of their subcontractors use them.
Continue Reading Covington Internet of Things Update: FCC Looks to Bolster the Communications Supply Chain

The “Internet of Things” (IoT)—the network of consumer devices connected to the Internet through digital connections and sensors—has dramatically grown over the past five years. A McKinsey analysis estimated that the potential annual economic impact of IoT in 2025 could be between $4 trillion and $11 trillion, with value accruing in manufacturing, urban spaces, human wellness, retail, autonomous vehicles, homes, and other sectors. An analysis by Gartner, Inc. estimated that in 2018, nearly 11.2 billion connected things will be in use globally, and that this figure will surpass 20 billion by 2020.

IoT already has global reach. Nearly one-third of the overall installed IoT base is located outside China, North America, and Western Europe. And although IoT use will continue to grow in commerce and industry, more than 63% of IoT-connected units are already available on the consumer market. Some “smart” consumer products—such as fitness monitors, wearable devices, smart thermostats, and smart TVs—are well-established. In the coming years, connected devices will continue to expand in other categories, including kitchen appliances, toys, and medical devices, among many others.
Continue Reading Covington Internet of Things Update: U.S., U.K., and E.U. Regulators Turn Focus to IoT

Two hundred billion IoT devices could be in use by 2020, according to one estimate cited in the World Economic Forum’s recent report, Mitigating Risk in the Innovation Economy.  This rapid integration of the digital world and the physical world presents unprecedented opportunities for businesses in a wide array of industries.  But it also
Continue Reading Covington Internet of Things Update: Promise and Peril — IoT and Your Insurance

Inflection Point for IoT

In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications— from smart cars to the myriad of interconnected sensors in the General Service Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey— has rapidly proliferated, providing significant opportunities and benefits. However,
Continue Reading Covington Internet of Things Update: Latest NIST Draft Report a Call to Action for Federal Agencies and Private Companies

The US Information Security and Privacy Board (ISPAB) voiced concerns over potential harms resulting from a lack of controlled management of cybersecurity in wireless medical devices in response to the FDA’s  draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  ISPAB operates under the National Institute of Standards and Technology (NIST) in its Computer Security Division, and its goals include identifying emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy.
Continue Reading US Information Security and Privacy Board Expresses Concerns about Management of Cybersecurity in Wireless Medical Devices

On March 29, the American Chamber of Commerce in China (“AmCham China”) released its 15th annual Business Climate Survey.  This year, AmCham China polled 325 of its members, most of which are U.S. companies operating in China.  According to AmCham China’s Chairman, this year’s results reflect “expectations for growth” tempered with “a more conservative
Continue Reading Survey: Foreign Companies Fear Data, IP Theft in China

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of  critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Executive Order follows legislative efforts in the last Congress to pass comprehensive cybersecurity bills.  After the Cybersecurity Act of 2012 (S. 3414) failed to pass in August 2012, Deputy National Security Adviser John Brennan mentioned in an appearance at the Council on Foreign Relations that the President was considering issuing an Executive Order to implement portions of the cybersecurity legislation.  In the subsequent months, the White House sought industry input on the Order.

The Order has two main components: increasing information sharing from the government to the private sector and establishing a Cybersecurity Framework to buttress the security of critical infrastructure.
Continue Reading President Obama Issues Cybersecurity Executive Order

In an effort to stem the tide of intellectual property theft from U.S. companies, on January 14, 2013, President Obama signed H.R. 6029, the Foreign and Economic Espionage Penalty Enhancement Act of 2012.

The Act increases the penalties for trade secret theft under the Economic Espionage Act of 1996 for crimes that the
Continue Reading Foreign and Economic Espionage Penalty Enhancement Act of 2012 Signed Into Law