On September 19, 2016, the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce announced the initiation of a multistakeholder process on security upgradability and patching relating to the IOT. The first meeting about this process will occur on October 19, 2016, in Austin, Texas.
NTIA believes that, in order for the potential of the IoT to be realized, users of IoT devices “need reasonable assurance that connected devices, embedded systems, and their applications will be secure.” NTIA notes that “[a] key part of that security is the mitigation of potential security vulnerabilities in IoT devices or applications through patching and security upgrades.”
NTIA’s view, such a marketplace requires a common language and standardized definitions across the ecosystem so that consumers will understand the security features of IoT devices and so that those devices can receive security upgrades in the same fashion that regular updates to applications and operating systems are currently facilitated using visible reminders and automated updates. The intention is that this multistakeholder process will ultimately yield shared definitions and strategies for communications to consumers regarding the security features of their IoT devices.