The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/984836
35 WWW.ILTANET.ORG Connected Devices and the Increasing Regulatory Focus on Cybersecurity FEATURES controls allows you to manage your home's thermostats, fire alarms, door locks and security systems via your smartphone. August provides locks that allow you to remotely control access to the front door. Even Echo from Amazon is geing into the act. All of these devices pose potential cybersecurity vulnerabilities. Further, they all record (some more than others) your behavior in that private space you call home. As with autonomous vehicles, a cybersecurity compromise of these kinds of devices is likely to lead to real, physical damage to the individual. It is this potential for real-world damage that is creating a change in the liability landscape for soware developers. Reasonable security has become a core component of the development lifecycle. It is not something you can just build in later. Regulators Take Notice The expansion of IoT devices, the possibility of autonomous vehicles and the proliferation of social media in all of our lives have left regulators trying to keep up. The earlier National Highway Traffic Safety Administration guidance on cybersecurity is only one example. The Federal Trade Commission (FTC) took its cybersecurity guidance into the IoT space with its 2017 "Home Inspector Challenge," a competition asking the public to create solutions to IoT security issues. The Federal Communications Commission has started focusing on IoT security as well, especially on security protocols. Takeaways The volume of connected devices is increasing and the distinction between online and offline is eroding. Take these two together and we see that the potential injury to individuals is escalating. With regulators now focused on cybersecurity, it is clear that cybersecurity is no longer merely an aerthought or something just to be le up to the IT department. Cybersecurity must now be a core component of any business strategy. It needs to be integrated into the product development lifecycle and cannot be taken for granted. Security by design is the direction that is required in order to avoid risk (either regulatory or tort) as well as to move the markets forward. P2P Autonomous Vehicles In 2017 we saw the development of self-driving cars pulling into the fast lane. Uber has been experimenting with autonomous vehicles and Google announced its acquisition of Waymo to jump start its autonomous vehicle project. Toyota is opening a new research imitative for the evolution of the automobile and BMW, Audi, Honda, Tesla and Mercedes all are at different levels of producing their own autonomous vehicle brands. This development brings with it the twin challenges of cybersecurity and privacy. But unlike other advances in information technology, this evolution has some very real and physical implications if the cybersecurity portion is done wrong. For example, in 2016 researchers demonstrated how they could remotely hack into the control systems of a Jeep Cherokee. This was concerning enough, but consider the impact if some malicious person hacked into the control core managing all autonomous vehicles of a particular manufacturer. One shudders at the possibilities. As a result, soware (and by extension cybersecurity) is starting to venture into the realm of products liability. The traditional view of soware not being a product is being diluted with the integration of soware into automobiles. Consequently, cybersecurity and reliability become significantly more important for developers needing to manage risk, which now can cause bodily harm as opposed to merely financial inconvenience. It is a lot easier to show damages in a car wreck than it is in a cookie being placed on your smartphone. This reality has not been lost on regulators. The National Highway Traffic Safety Administration has taken a strong position in the area of cybersecurity and automobiles as shown in their Cybersecurity Best Practices for Modern Vehicles. While the guidance was published in 2016, with autonomous vehicles moving closer to reality it has become an important reference point for manufacturers. Smart Homes There are a number of smart products previously used exclusively for the management of commercial buildings that are now being marketed for personal residences. Philips makes smart light bulbs. Nest's suite of smart JOHN TOMASZEWSKI John Tomaszewski is partner in the International Data Protection Practice Group of Seyfarth Shaw LLP and the co-lead of the firm's Global Privacy & Security (GPS) Special Team. He is based in the firm's Houston office and has significant experience counseling companies regarding data protection and information security throughout the Americas, Europe and Asia. Security by design is the direction that is required in order to avoid risk (either regulatory or tort) as well as to move the markets forward.