Abstract
The Internet of Things (IoT) is a disruptive innovation known for its socio‐economic potential, but also for generating unprecedented vulnerabilities and threats. As a dynamic sociotechnical system, the IoT comprises well‐known cybersecurity risks and endemic uncertainties that arise as IoT adoption increases and the system evolves. We highlight the impact of these challenges by analyzing how insecure IoT devices pose threats to both consumer protection and the Internet's infrastructure. While recent regulatory responses are starting to target IoT security risks, crucial deficiencies – especially related to the feedback necessary to keep pace with emerging risks and uncertainties – must be addressed. We propose a model of adaptive regulatory governance that integrates the benefits of centralized risk regulatory frameworks with the operational knowledge and mitigation mechanisms developed by epistemic communities that manage day‐to‐day Internet security. Rather than focusing on the choice of regulatory instruments, this model builds on the “planned adaptive regulation” literature to highlight the need to systematically plan for a knowledge‐sharing interface in regulatory governance design for disruptive technologies, facilitating the feedback necessary to address evolving IoT security risks.
Highlights
The Internet of Things (IoT) is projected to have significant positive impacts on contemporary public policy objectives, from remote public service provision in healthcare to more efficient resource management of energy systems
Adaptive governance approaches for the Internet of Things have so far focused on balancing self-regulation and mandatory requirements. While these approaches build on the knowledge of pre-existing cybersecurity risks, they rarely incorporate timely information about emerging risks derived from indicators of Internet security and stability.
Building on notions of reflexive governance, where responding to continuous sociotechnical change requires iterative feedback from regulated entities at each stage of the regulatory policy cycle (Sabel et al 2018; Scott 2018), this article proposes a model that expands the scope of regulatory governance to (i) integrate more timely feedback from actors managing risks and uncertainties in complex sociotechnical systems on a day-to-day basis (Sowell 2019) and (ii) develop strong, explicit commitments to adapting rules in order to address new threats and vulnerabilities as they are identified
Summary
The Internet of Things (IoT) is projected to have significant positive impacts on contemporary public policy objectives, from remote public service provision in healthcare to more efficient resource management of energy systems. While these approaches build on the knowledge of pre-existing cybersecurity risks, they rarely incorporate timely information about emerging risks derived from indicators of Internet security and stability. These indicators of evolving threats and vulnerabilities are continuously developed and refined within communities of operational actors who manage the security of the Internet’s infrastructure on a day-to-day basis. Building on notions of reflexive governance, where responding to continuous sociotechnical change requires iterative feedback from regulated entities at each stage of the regulatory policy cycle (Sabel et al. 2018; Scott 2018), this article proposes a model that expands the scope of regulatory governance to (i) integrate more timely feedback from actors managing risks and uncertainties in complex sociotechnical systems on a day-to-day basis (Sowell 2019) and (ii) develop strong, explicit commitments to adapting rules in order to address new threats and vulnerabilities as they are identified. One of the key challenges addressed by our model is developing knowledge-sharing interfaces that tighten the feedback loops between centralized risk regulatory frameworks and operational epistemic communities, reducing regulatory lag by updating standards and requirements more dynamically as new IoT security threats and vulnerabilities emerge.