The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.
Maureen Ohlhausen, the American regulator’s acting head, told a gathering of cyber security professionals that she was not inclined to impose mandatory regulations on IoT devices.
“We haven’t taken a position,” she said, according to The Guardian.
“We’re saying not ‘Let’s speculate about harm five years out,’ but ‘Is there something happening that harms consumers right now or is likely to cause harm to consumers,’” she added. The British newspaper contrasted her position with the Dyn cyberattack last October, when millions of hacked IoT devices crapflooded Dyn’s widely used DNS servers and knocked many big websites offline, including Reddit, Netflix and Github.
Across the Atlantic, British regulators are seemingly barely aware of the existence of the IoT, let alone thinking about regulating it. Though various snake-oil salespeople keep announcing various unitary standards (as the XKCD cartoon goes, “problem: you have 24 competing standards. I know, let’s unify them! Problem: you have 25 competing standards...”), everyone’s still fairly fragmented and it looks like things are going to stay that way for the next few years.
Though big boys like ARM are slowly moving towards reference designs, judging by their recent M&A activity, everything from layer 3 upwards is still a free-for-all.
While the wireless networking side of the Internet of Things seems to have coalesced down to three or four players, it’s the interaction between silicon and security where the Things are still open to exploitation. ®