Survey: Execs worldwide back IoT security rules

Tech executives and business decision-makers want stronger regulation and guidelines for internet-of-things devices, according to a report released by a cybersecurity provider Gemalto.

The report includes a survey of 950 "IT and business decision makers globally," including 200 in the United States. Gemalto found that nine in 10 respondents supported some IoT cybersecurity regulations.

Among those that are seeking more regulations, 59 percent said that rules should include identifying who is responsible for securing data in different parts of the ecosystem, and 53 percent said there should be consequences for lapses.

In the U.S., lawmakers and the federal agencies have considered different approaches to the explosion of endpoints and data created by IoT technology, but as FCW has reported, no federal regulator is claiming jurisdiction, and Congress has yet to pass laws governing the IoT ecosystem.

This November, the House passed the SMART IoT Act. The bill, offered by Rep. Robert Latta (R-Ohio), would task the Department of Commerce with studying the current IoT industry in the United States. The research would look into what companies develop IoT technology, what federal agencies have jurisdiction in overseeing this industry and what regulations have already been developed.

Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) in October introduced a bill that would leverage federal buying power to prohibit agencies from acquiring IoT devices and sensors that aren't patchable and that don't have changeable passwords.

The National Institute of Standards and Technology has also been working to develop guidance on IoT cybersecurity and privacy risks. It put a draft of its guidance on managing IoT cybersecurity and privacy out for public comment last fall. The first round of comments closed in October. Most of NIST's employees were furloughed in December in the shutdown.