
IGF 2024 DC-IoT & IS3C Global Best Practices for a Resilient and Secure IoT by Design

    DC

    Dynamic Coalition on the Internet of Things and Internet Standards, Security and Safety Coalition

    Roundtable
    Duration (minutes): 60
    Format description: During the open session there is usually a good number of newcomers, next to a core of people that have been supporting the DC IoT and IS3C for multiple years, and invited experts. For each of the points on the agenda we foresee (1) short introduction; (2) invited panel reaction; (3) free flow with all participants in the room. A round table setup works best as people can interact better, rather than "wait for their turn", and 60 minutes helps ensure we can properly address a number of the key points that have been coming up, successively.

    Description

    When we consider future challenges, new national cybersecurity policies in various countries have started addressing IoT security more directly:

    1. European Union: The EU has introduced the Cyber Resilience Act, which imposes mandatory cybersecurity requirements for digital products, including IoT devices, covering their entire lifecycle from design to disposal. This act aims to standardize IoT security across the EU and ensure that manufacturers comply with stringent cybersecurity standards.
    2. United States: The US continues to advance its IoT security framework under various initiatives, including expanding IoT security labeling programs to help consumers understand and compare the cybersecurity protections of different IoT devices. This is part of broader efforts to enhance national IoT security as part of the country's cybersecurity strategy.
    3. Global Perspective: Various countries are adopting or updating their cybersecurity frameworks to address IoT security explicitly. For example, the NIS2 Directive in the EU, which will be fully transposed into national law by October 2024, expands the scope of cybersecurity rules to cover more sectors, including those that heavily rely on IoT systems.

    These developments highlight the global movement towards more robust IoT security, with new regulations and policies being implemented to address the growing risks associated with the proliferation of connected devices. The security issues are closely tied to data management issues of confidentiality and privacy, and all of this needs to take into account the challenges and opportunities offered by emerging technologies such as Artificial Intelligence and quantum computing.

    Agenda:

    Introduction and Common Ground (5 mins)

    Speakers: Wout de Natris (DC IS3C) and Maarten Botterman (DC IoT)

    Panel 1: Current IoT Security developments Mini Panel (10 + 5' Open Floor)

    Speaker 1: Renee Roland (FCC) on the USA initiative towards secure IoT, with a focus on labelling and certification to empower users to make smarter choices, and on the need to work towards international mutual recognition of standards.

    Speaker 2: Nicolas Fiumarelli (Chair, IS3C WG1) on the results of a global comparison of IoT security related policies, regulations and standards.

    Panel 2: IoT Data Governance and Privacy (10 + 5' Open Floor)

    Speaker 1: Jonathan Cave (Alan Turing Institute, Warwick University, DC IoT) addressing the data governance issues that relate to IoT – acknowledging that many live data related to persons are collected, and through analysis may be relatable to people.

    Speaker 2: Nicolas Fiumarelli (Chair, IS3C WG1) on the results of a global comparison on IoT data privacy related policies and regulations.

    Panel 3: IoT Governance and Emerging Technologies: Quantum & AI - Mini Panel (10 + 5' Open Floor)

    Speaker 1: Elif Kiesow Cortez (Chair, IS3C WG3) explaining the need to ensure quantum-proof cryptography (QPC, i.e. post-quantum cryptography) in IoT environments, future-proofing IoT devices and IoT ecosystems against emerging threats.

    Speaker 2: Maarten Botterman (Chair, Global Forum on Cyber Expertise WG E on Emerging Technologies, DC IoT) highlighting the importance of awareness and capacity building to ensure continued justified trust in the use of IoT environments in the future.

    Preliminary conclusions and next steps (5 mins)

    All participants are invited to share their input and comments via email after the session, as preparations for IGF2025 require rapid follow up to the results of this meeting.

    Organizers

    Maarten Botterman, ICANN Board; GNKS Consult; DC IoT Chair; Netherlands. Jonathan Cave, University of Warwick, Alan Turing Institute, DC IoT; UK. Dan Caprio, Providence Group, DC IoT; USA. Wout de Natris, de Natris Consult, DC IS3C Chair; Netherlands. Shane Tews, Logan Circle Strategies, former DC IoT Chair. Nicolas Fiumarelli, Chair, IS3C WG1. Elif Kiesow Cortez, Chair, IS3C WG9.

    Speakers

    Maarten Botterman is an independent policy advisor on information society matters. He is currently ICANN Board Member, Chair of the Global Forum on Cyber Expertise WG on Emerging Technologies, and Chair of the IGF Dynamic Coalition on the Internet of Things.

    Wout de Natris is an internet governance consultant at De Natris Consult, based in the Netherlands. Among other roles, he is the community manager of the new international community of the Dutch Platform Internetstandards, built around the internet.nl tool, and coordinator of the IGF Dynamic Coalition on Internet Standards, Security and Safety (IS3C).

    Renée Roland serves as Special Counsel for the Federal Communications Commission’s Public Safety and Homeland Security Bureau, responsible for addressing a number of spectrum policy, cybersecurity and emergency management issues. Ms. Roland currently serves as a taskforce co-chair of the Cybersecurity Forum for Independent and Executive Branch Regulators, and leads the implementation of the Cybersecurity Labeling for Internet of Things program (U.S. Trust Mark) for the Commission.

    Nicolas Fiumarelli is a Computer Engineer who graduated from the University of the Republic of Uruguay, working as a Software and Networks Engineer at the Regional Internet Registry for Latin America and Caribbean (LACNIC) since 2012. He is also Chair of IS3C WG1 on IoT Security.

    Dr. Jonathan Cave is a GNKS Consult Associate, Senior Fellow in Economics at Warwick University, Economist Member of the UK Regulatory Policy Committee and Fellow at the Alan Turing Institute (Digital Ethics Research Group and Ethics Advisory Committee).

    Dr. Elif Kiesow Cortez is a research fellow at Stanford Law School and collaborates with the Stanford Institute for Human-Centered AI. Elif works in designing governance mechanisms for responsible and ethical deployment of technology. She is also Chair of IS3C WG9 on Emerging Technologies.

    Onsite Moderator

    Maarten Botterman

    Online Moderator

    Wout de Natris

    Rapporteur

    Jonathan Cave, Nicolas Fiumarelli

    SDGs

    2. Zero Hunger
    3. Good Health and Well-Being
    6. Clean Water and Sanitation
    7. Affordable and Clean Energy
    8. Decent Work and Economic Growth
    9. Industry, Innovation and Infrastructure
    11. Sustainable Cities and Communities
    12. Responsible Production and Consumption
    13. Climate Action
    14. Life Below Water
    15. Life on Land

    Targets:
    - Goal 2, End hunger (specifically 2.3 and 2.4): IoT is already used today to improve crops.
    - Goal 3, Ensure healthy lives (specifically 3.6 and 3.9): IoT is already essential today for traffic management and environmental warning systems.
    - Goal 6, Water and sanitation (specifically 6.3, 6.4, 6.5 and 6.6): IoT has become an important part of water management: preventing dumping, alerting in case of hazardous chemicals and materials in the water, and distributing water efficiently.
    - Goal 7, Access to energy (specifically 7.2 and 7.3): for instance sensors and switches that manage energy collection and distribution, detect failures, and increasingly also allow two-way energy flows and local production.
    - Goal 8, Economic growth and jobs (specifically 8.2 and 8.3): with modest investments, first steps towards IoT-enabled solutions become possible. This not only allows entrepreneurship and start-ups with minimal resources, it also potentially brings IoT applications to where solutions need to be provided.
    - Goal 9, Resilient infrastructure and sustainable industry: sustainability comes with feedback loops, and IoT networks are very well suited to provide this feedback automatically, based on measurements in the system.
    - Goal 11, Sustainable cities and settlements (specifically 11.4, 11.5, 11.6 and 11.7): networks of monitoring systems and sensors will be able to detect natural disasters building up, and partly autonomous protection systems can be built in (like closing dams). Monitoring also helps in keeping public spaces safer. Cities around the world have started to experiment with IoT applications in many ways, ranging from intelligent waste collection to smart lighting, and from city bikes on a subscription basis to smart traffic management systems and alerts for unhealthy pollution levels.
    - Goal 12, Sustainable consumption and production (specifically 12.5 and 12.6): feedback loops that become possible thanks to the use of tags and sensors in materials, and maintenance when needed, as indicated by the object that may require it, such as cars, industrial machines, etc.
    - Goals 13, 14 and 15, Sustainable environment: measuring and feedback loops.

    Key Takeaways
    1- Labelling and certification schemes for IoT devices worldwide are developing at pace, with initial steps towards mutual recognition between different national schemes. Both governments and businesses are seeking to optimise alignment, with more outcomes expected in the coming years.
    2- IoT generates vast amounts of data, including personal data; their scope and utility (for good or ill) are further enhanced by AI algorithms, which can combine data from multiple sources to expose much more information than even data subjects are aware of. While these analyses raise privacy concerns, they are also crucial for IoT devices to provide necessary services. To some extent, those concerns can be mitigated by using algorithms to creat
    3- Although commercial quantum computing may be years away, it is essential to ensure proper data protection through adequate Post-Quantum Cryptography.
    Call to Action
    1- Support international efforts towards mutual recognition of IoT labelling and certification schemes by monitoring activities by governments, relevant global standardisation bodies, and other initiatives. These schemes may need to go beyond specific devices to cover complex or new services, connections and data types.
    2- Explore necessary actions to prepare for the post-quantum period and its cryptography related to IoT devices and services.
    3- Ensure global best practices recognise the need for data usability in delivering IoT-enabled services while adequately protecting privacy (and other essential interests).
    Session Report

    The Internet of Things (IoT) is increasingly integral to various systems in society, including industrial, domestic, and urban environments. IoT devices and services enhance our comfort, safety and resource efficiency, addressing societal challenges such as those outlined in the UN’s Sustainable Development Goals (SDGs). IoT collects data from sensors, which are then stored, shared, and used in numerous ways, including by IoT actuators, more or less transparently and with varying degrees of protection against misuse, tampering, or unauthorised access.

    This is where DC IoT and IS3C converge: How can we establish global best practices to better understand and interact with IoT devices and services securely and safely?

    Recent developments, such as the EU’s Cyber Resilience Act and NIS2 Directive, and the U.S. Trust Mark initiative, highlight a global movement towards robust IoT security. New regulations and policies are being implemented to address the growing risks associated with the proliferation of connected devices. There are close links between data management issues such as privacy, integrity and confidentiality and broader policy concerns including security and consumer protection. In particular, our understanding of and response to these intersecting issues must consider the challenges and opportunities presented by emerging technologies like Artificial Intelligence and quantum computing. This workshop addressed this evolving landscape, focusing on the intersection of IoT security and data governance.

    Renee Roland, Special Counsel for the Federal Communications Commission’s Public Safety and Homeland Security Bureau, opened the discussion by highlighting the U.S. initiative towards secure IoT. She emphasised the importance of labelling and certification through the U.S. Trust Mark, which aims to enable users to make informed choices about the devices they use. Renee also stressed the need for international mutual recognition of standards to ensure a cohesive global approach to IoT security.

    Next, Nicolas Fiumarelli, Chair of IS3C WG1 IoT Security by design, presented the findings from a global comparison of IoT security-related policies, regulations, and standards conducted last year. He underscored the necessity of harmonising these standards across different regions. Nicolas pointed out that governments could set a strong example by incorporating good practice standards into their procurement processes, thereby driving broader adoption of secure IoT practices.

    Jonathan Cave, Alan Turing Institute and Warwick University, delved into the complexities of data governance in the IoT realm. He noted the vast amount and variety of live data collected from individuals and groups and the potential for these data to be linked back to people through analytics. Jonathan called for a cross-disciplinary approach to developing responsible data governance practices that balance the benefits of data use with the need to protect privacy and other rights. Nicolas echoed these sentiments, referencing a global comparison on IoT data privacy policies and regulations by IS3C that supported this need for careful data management.

    Elif Kiesow Cortez, Chair of IS3C WG3, drew attention to the future-proofing of IoT environments through quantum-proof cryptography (QPC, i.e. post-quantum cryptography). She explained the importance of preparing for emerging threats posed by advances in quantum computing (e.g. as regards encryption). Elif noted that initial work on QPC has begun, and that IS3C plans to further explore how to implement these protections effectively.

    Finally, Maarten Botterman, Chair of the Global Forum on Cyber Expertise WG E on Emerging Technologies, emphasised the critical role of awareness and capacity building in maintaining trust in IoT systems. He stressed the importance of understanding the challenges and opportunities presented by IoT, and pointed out the need for capacity building to ensure that global resources can be effectively used for local applications. Maarten's message was clear: continued education and skill development are essential to navigating the future of IoT securely.