Internet of Things

Consumer agency bows out of IoT data security role

IoT 

The Consumer Product Safety Commission plans to focus on physical hazards in an upcoming meeting on the safety of the internet of things.

In a March 28 Federal Register notice, the CPSC announced a May 16 public meeting on the product safety issues arising from the growing popularity of connected devices, including toys, "smart" home products, consumer appliances and more.

But the agency announced it planned to stay in its lane when it comes to focusing on physical threats.

"We do not consider personal data security and privacy issues that may be related to IoT devices to be consumer product hazards that CPSC would address," the notice read.

What makes the IoT different from other consumer product categories is the potential for "hazardization," which CPSC defines as occurring when a safe product "connected to a network, becomes hazardous through malicious, incorrect, or careless changes to operational code."

The agency lists "fire, burn, shock, tripping or falling, laceration, contusion and chemical exposure" as some of the possible outcomes of IoT devices going bad.

At the hearing officials will consider how to prevent IoT products from becoming hazardous after purchase and installation, whether government or commercial standards are required and who among the various participants in a product's design, sale and upkeep  is responsible when a connected device leads to an accident or injuries. The agency will also look at the role of software development in preventing or contributing to product failures.

CPSC joins a host of agencies that are examining the internet of things. So far the National Institute of Standards and Technology and the National Information and Telecommunications Agency have probed the connected devices ecosystem for risks, but no one in the regulatory world appears yet to have an interest in developing rules of the road for the IoT space.

Congress may have a role to play. For more than a year, lawmakers including Sen. Cory Gardner (R-Colo.) and Sen. Mark Warner (D-Va.) have been concerned about the security risks of connected devices that are sold with hard-coded, unalterable passwords, which can potentially lead to hacking at scale and the spread of botnets. They're proposing to leverage the purchasing power of the federal government by requiring minimum security standards for devices bought by agencies.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.