Tech-sector firms, along with the Federal Trade Commission (FTC) are promoting “best practices” regarding cybersecurity for the Internet of Things (IoT), and the FTC is threatening enforcement for inadequate measures as well. The Information Technology Industry (ITI) Council has urged the National Telecommunications and Information Administration, that the IoT policy process should follow processes lead by the National Institute of Standards and Technology in order to address growing security concerns that come with emerging technology. In ITI’s comments, they stated that NIST’s cybersecurity layout provides an “overarching structure” for IoT, while their cyber-physical systems framework provides further information to create secure IoT products. The Center for Data Innovation also praised NIST, stating that their new Systems Security Engineering guide offers guidance on securing IoTs and other connected technologies.
The Wiley Rein Law Firm urged that the NTIA request for comments regarding IoT security will open the door for the federal government to get involved in that area. ITI suggests that leadership from the federal government will “make certain that efforts to improve cybersecurity leverage public-private partnerships and build upon existing initiatives and resource commitments.” Various tech groups argue that regulations to IoT security that focus on specific technologies hinder innovation. For example, according to the Software and Information Industry Association, best practices cannot apply uniformly across IoT products and government regulation cannot be applied effectively either.