How can policy makers address the IoT digital security challenge?
Moderator: Tarah Wheeler, International Security Fellow, New America
Ursula Pachl, Deputy Director General, BEUC The European Consumer Organisation
Atsushi Umino, Director of the Office of the Director-General for Cybersecurity, Ministry of Internal Affairs and Communications (MIC), Japan, and Vice-Chair of the OECD Working Party on Security in the Digital Economy (SDE)
Stephen Pattison, VP Public Affairs, ARM Holdings
Neville Matthew, General Manager, Risk management and Policy, Australian Competition and Consumer Commission (ACCC), Chair of the OECD Working Party on Consumer Product Safety
According to various estimates, 2021 saw the number of Internet of Things (IoT) devices reach the milestone of 25 billion globally. From connected toys and appliances to cars and healthcare products, IoT devices are notoriously insecure and often lack basic security features such as an update mechanism. Too often, IoT supply-side actors lack a culture of digital security, which results in poor risk management practices. For instance, many of them do not have clear and transparent policies regarding vulnerability disclosure, security updates and their products’ end-of-life. This situation raises serious challenges for digital security, from the enrolment of IoT devices into massive botnets (e.g. as shown by the Mirai malware in 2016) to new risks related to user safety.