Can the Senate make sense of the Internet of Things?

Lawmakers and experts discuss how to ensure IoT security without getting in the way of innovation.

Shutterstock image (by TijanaM): global network concept.

(Image: TijanaM / Shutterstock)

Senators spent some time Feb. 11 talking about the Internet of Things. Nobody mentioned tubes, although one legislator did want to know who was reading what his FitBit says. What they decided was this: First, figure out what this Internet of Things thing actually is. Then, figure out how to secure it, hopefully without crushing its spirit.

A panel of five experts told the Senate Commerce, Science and Transportation Committee that new policies, standards and security practices need to be in place before the IoT can safely and successfully advance. Senators seem to be buying it.

"Let's not stifle the Internet of Things before we, the consumers, can understand its real promise and implications," Committee Chairman John Thune (R-S.D.) said in his opening remarks.

Many of the security concerns mentioned at the hearing centered on the cyber risks of consumer technology, although the panelists stressed that the future of the Internet of Things lies more in industrial than consumer uses.

Senator Kelly Ayotte (R-N.H.) asked the panel for suggestions on how to protect innovation while securing user data. Nearly one-quarter of the people in Ayotte's home state of New Hampshire were potentially affected by the recent data breach at Anthem Insurance.

"We have to be a bit careful in terms of how we create policy or legislation, in terms of enabling industry to innovate," said Douglas Davis, vice president and general manager at the Internet of Things group at Intel. "Security is the number one concern, I believe we can build that into products these technologies are being built around.

Despite many interjections by members of the committee that more encryption was necessary, Davis said that while encryption will help, it won't be a "panacea" in securing IoT devices.

"One way to look at this is to look at how eCommerce emerged on the Internet," said Michael Abbott, general partner at Kleiner Perkins Caufield & Byers. "Initially there were websites that did transactions that were not necessarily encrypted, and there were attacks. And I think the same way that over time best practices were adopted by engineering teams, the same will occur with IoT."

The panelists, who also included Justin Brookman, director of the Consumer Privacy Project Center for Democracy & Technology, Lance Donny, CEO of OnFarm, and Adam Thierer, a senior research fellow at George Mason University's Mercatus Center, noted that security risks exist in both consumer and industrial realms.

"Intel prioritizes the security, accuracy, privacy and integrity of data in all market sectors, and especially in the industrial domain where the safeguarding of critical infrastructure can be vital to economic and social stability," Davis said.

If a legislative consensus on balancing security and innovation is not quick in coming, Davis said, there are steps lawmakers can take. Congress could work to encourage education for the next wave of engineers and data scientists who can do meaningful data analytics, he said, as well as support innovation by aiding industry consortiums and public-private partnerships.