Internet of Things

Consumer agency bows out of IoT data security role

IoT 

The Consumer Product Safety Commission plans to focus on physical hazards in an upcoming meeting on the safety of the internet of things.

In a March 28 Federal Register notice, the CPSC announced a May 16 public meeting on the product safety issues arising from the growing popularity of connected devices, including toys, "smart" home products, consumer appliances and more.

But the agency announced it planned to stay in its lane when it comes to focusing on physical threats.

"We do not consider personal data security and privacy issues that may be related to IoT devices to be consumer product hazards that CPSC would address," the notice read.

What makes the IoT different from other consumer product categories is the potential for "hazardization," which CPSC defines as occurring when a safe product "connected to a network, becomes hazardous through malicious, incorrect, or careless changes to operational code."

The agency lists "fire, burn, shock, tripping or falling, laceration, contusion and chemical exposure" as some of the possible outcomes of IoT devices going bad.

At the hearing officials will consider how to prevent IoT products from becoming hazardous after purchase and installation, whether government or commercial standards are required and who among the various participants in a product's design, sale and upkeep  is responsible when a connected device leads to an accident or injuries. The agency will also look at the role of software development in preventing or contributing to product failures.

CPSC joins a host of agencies that are examining the internet of things. So far the National Institute of Standards and Technology and the National Information and Telecommunications Agency have probed the connected devices ecosystem for risks, but no one in the regulatory world appears yet to have an interest in developing rules of the road for the IoT space.

Congress may have a role to play. For more than a year, lawmakers including Sen. Cory Gardner (R-Colo.) and Sen. Mark Warner (D-Va.) have been concerned about the security risks of connected devices that are sold with hard-coded, unalterable passwords, which can potentially lead to hacking at scale and the spread of botnets. They're proposing to leverage the purchasing power of the federal government by requiring minimum security standards for devices bought by agencies.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.