Federal and state policymakers introduced a range of new measures on artificial intelligence (“AI”) and the Internet of Things (“IoT”) in the first quarter of 2019. In our initial AI & IoT Quarterly Legislative Update, we detail the notable legislative events from this quarter on AI, IoT, cybersecurity as it relates to AI and IoT, and connected and autonomous vehicles (“CAVs”). Unlike prior years, in which federal lawmakers largely called for studies of these new technologies and supported investments in them, policymakers are increasingly introducing substantive proposals—particularly on AI and cybersecurity, and at the state level.
Continue Reading AI and IoT Legislative Developments: First Quarter 2019

The European Commission (“Commission”) has published a Recommendation on cybersecurity in the energy sector (“Recommendation”). The Recommendation builds on recent EU legislation in this area, including the NIS Directive and EU Cybersecurity Act (see our posts here and here). It sets out guidance to achieve a higher level of cybersecurity taking into account specific characteristics of the energy sector, including the use of legacy technology and interdependent systems across borders.

Continue Reading IoT Update: EU Commission Issues Recommendation on Cybersecurity in the Energy Sector

On March 11, 2019, a bipartisan group of lawmakers including Sen. Mark Warner and Sen. Cory Gardner introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The Act seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up cybersecurity requirements for IoT devices purchased and used by the federal government, with the aim of affecting cybersecurity on IoT devices more broadly.

Continue Reading Senate Reintroduces IoT Cybersecurity Improvement Act

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft project on securing sensor networks for the Internet of Things (“IoT”). Organizations and individuals concerned with the security of IoT sensor networks are invited to comment on the draft through March 18, 2019.

Sensor networks are integral parts of many modern

Updated (5/3/2018)

On April 17, the Federal Communications Commission (“FCC”) broke new ground in the agency’s role in national security policy by voting unanimously to approve a Notice of Proposed Rulemaking captioned “Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs” (the “NPRM”).  The deadline for filing comments is June 1, 2018, and reply comments are due July 2, 2018.

As the title indicates, the NPRM seeks comment on a framework to reduce supply chain risks for telecommunications equipment and services deployed throughout the country. The item acknowledges a specific role for the FCC in this arena: to ban use of Universal Service Fund (“USF”) subsidies in ways that undermine or pose a threat to national security. In short, the FCC proposes to use the power of the purse—in the case of USF, about $9 billion in subsidies per year—to dissuade companies from using equipment sourced from companies or countries that pose a national security concern.

Although the approach is narrow in scope, in practice the NPRM could produce a final rule that would significantly affect the selections of equipment and services by some USF recipients, particularly rural and smaller providers who reportedly are more likely to have purchased equipment from targeted suppliers. Additionally, as explained below, this proposed rule could affect USF recipients that do not use prohibited equipment and service providers, depending on whether some of their subcontractors use them.
Continue Reading Covington Internet of Things Update: FCC Looks to Bolster the Communications Supply Chain

The “Internet of Things” (IoT)—the network of consumer devices connected to the Internet through digital connections and sensors—has dramatically grown over the past five years. A McKinsey analysis estimated that the potential annual economic impact of IoT in 2025 could be between $4 trillion and $11 trillion, with value accruing in manufacturing, urban spaces, human wellness, retail, autonomous vehicles, homes, and other sectors. An analysis by Gartner, Inc. estimated that in 2018, nearly 11.2 billion connected things will be in use globally, and that this figure will surpass 20 billion by 2020.

IoT already has global reach. Nearly one-third of the overall installed IoT base is located outside China, North America, and Western Europe. And although IoT use will continue to grow in commerce and industry, more than 63% of IoT-connected units are already available on the consumer market. Some “smart” consumer products—such as fitness monitors, wearable devices, smart thermostats, and smart TVs—are well-established. In the coming years, connected devices will continue to expand in other categories, including kitchen appliances, toys, and medical devices, among many others.
Continue Reading Covington Internet of Things Update: U.S., U.K., and E.U. Regulators Turn Focus to IoT

Two hundred billion IoT devices could be in use by 2020, according to one estimate cited in the World Economic Forum’s recent report, Mitigating Risk in the Innovation Economy.  This rapid integration of the digital world and the physical world presents unprecedented opportunities for businesses in a wide array of industries.  But it also

Inflection Point for IoT

In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications— from smart cars to the myriad of interconnected sensors in the General Service Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey— has rapidly proliferated, providing significant opportunities and benefits. However,

The US Information Security and Privacy Board (ISPAB) voiced concerns over potential harms resulting from a lack of controlled management of cybersecurity in wireless medical devices in response to the FDA’s  draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  ISPAB operates under the National Institute of Standards and Technology (NIST) in its Computer Security Division, and its goals include identifying emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy.
Continue Reading US Information Security and Privacy Board Expresses Concerns about Management of Cybersecurity in Wireless Medical Devices

On March 29, the American Chamber of Commerce in China (“AmCham China”) released its 15th annual Business Climate Survey.  This year, AmCham China polled 325 of its members, most of which are U.S. companies operating in China.  According to AmCham China’s Chairman, this year’s results reflect “expectations for growth” tempered with “a more conservative