At the recent South by Southwest festival in Austin, Texas, I took participated in a panel discussion hosted by the European Union and exploring opportunities for international cooperation on cybersecurity policy.
Joining me on the panel were Chris Painter, coordinator for cyber issues for the U.S. State Department; Rafael Laguna, CEO of Open-Xchange; Michael Farrell, editor of CSM Passcode, and Andrea Glorioso, counselor for digital economy for the EU delegation. You can see the full video embedded below:
Some takeaways I had from the discussion:
- The internet of things is a complex, global system. There is no silver bullet solution or simple regulatory fix. Instead, industry, governments, consumers and third-party stakeholders will have to work together on a variety of efforts to improve data-security and privacy outcomes.
- Threat information-sharing efforts, device cybersecurity certification programs, after-market smart products, consumer awareness initiatives and efforts to improve cyber insurance adoption are all pieces of a broad strategy to mitigate cyber risk in the internet of things.
- Artificial intelligence empowers consumers and firms to detect and mitigate cyber threats. At SXSW, IBM demonstrated their “cognitive security” program that leverages machine learner Watson to analyze unstructured data in ways that could help businesses identify threats. On the consumer end, smart routers and firewalls can monitor traffic patterns and metadata to detect when your home’s connected devices are compromised.
- There is a role for government to encourage solutions that foster a more secure internet of things. For example, the U.S. Commerce Department’s National Institute of Standards and Technology’s industry-led voluntary cybersecurity framework creates a common language for government to engage with stakeholders. In a recent green paper, the department outlined its role in promoting an open global environment for internet-of-things development. R Street filed comments supporting a light-touch regulatory approach and advocates for continued engagement with stakeholders on cybersecurity issues domestically and internationally.
For more ideas about addressing IoT cyber vulnerabilities, see our recent paper, “Aligning Cybersecurity Incentives in an Interconnected World,” which examines the role of government in fostering market-based solutions to device insecurity.