Internet of Things and Spectrum Concerns Drive a Flurry of Policy Activity
Published: June 08, 2016
The rapid expansion of the Internet of Things (IoT) and the growing crowdedness of the communications spectrum are driving various federal agencies to address security, privacy and management issues.
The growth of IoT – the interconnectedness of all the various devices, sensors, and digital communications across digital networks – has spurred two federal entities to both weigh in and seek comment from industry on numerous issues including security and privacy. Meanwhile, the Office of Management and Budget (OMB) at the White House has issued new guidance to federal agencies on obtaining funds for research, development and planning efforts to free up spectrum for other use.
The National Telecommunications and Information Administration at the Department of Commerce issued in April a request for comment on questions posed by the growth of IoT in an effort to support connected devices and promote economic growth and innovation. The NTIA received comments from 133 organizations ranging from state governments, advocacy groups and trade associations to high tech and telecommunication companies.
Some excerpts of comments were picked up in the press, but many of the submissions addressed the key issues of data security and privacy brought on by the proliferation of connected sensors and devices and the resulting big data that is produced and often stored. Several entities stressed the need for clear standards for data collection, use and protection. The security and hack-resistance of Internet-enabled devices were also a major theme. What is clear from several angles is the collective stake that private companies, government agencies, and individual citizens share in ensuring that IoT progresses with both strong security and rigorous privacy provisions, and these may or may not be well served through regulation and/or legislation.
For its part, the Federal Trade Commission filed its own comments with NTIA on the subject, recognizing the security and privacy concerns with IoT while stating that it “believes that IoT-specific privacy and data security legislation would be premature at this time. However, the FTC’s efforts could be enhanced by appropriate … general (as opposed to IoT-specific) security and privacy legislation.” The FCC also expressed concern that the decreasing cost and growing disposability of sensor-bearing devices could be a disincentive to manufacturers maintaining patches and support for such devices as they are replaced with newer models, according to one press account.
Meanwhile, the Office of Management and Budget issued new guidance to federal agencies on funds transfers from the Spectrum Relocation Fund (SRF) for research and development and planning activities that have the potential to facilitate further spectrum auctions. The SRF was created in 2004 to reimburse agencies for costs associated with relocating their spectrum-dependent systems to free those spectrum bands for auctioning under the Federal Communications Commission's (FCC) competitive bidding process.
Last year’s Spectrum Pipeline Act broadened SRF transfers to include research and development and planning activities that have the potential to facilitate further spectrum auctions and appropriated up to $500 million in existing balances and up to 10% of all future deposits into the SRF for activities including “research and development, engineering studies, economic analyses, activities with respect to systems, or other planning activities” that target improved efficiency and effectiveness.
The great potential and many challenges of leveraging IoT are affecting nearly every quarter of government missions – from defense and warfighting to public safety and citizens’ services. Further, the challenges of increasingly crowded spectrum are on the minds of defense leaders as well.
The comments and concerns of both government and industry underscore the need for built-in security in the hardware, software, and firmware that run on these devices. The realities of zero-day vulnerabilities and the likelihood that any and every application and device has at least one security flaw underscore the need for layered security that addresses networks, applications, appliances, sensors, and data, all within a "moving target" environment that keeps would-be attackers guessing. This is all the more crucial in emergency and warfighting scenarios where spectrum is contested and critical to success.