APEC Taking Lead on IoT Standards and Cybersecurity

Client Alert | 2 min read | 10.07.19

The rapid growth of the Internet of Things (IoT) is creating new risks, vulnerabilities, and leadership opportunities for the private sector on a global scale. It is estimated 20 billion connected devices will be in operation by 2020 and IoT spending will total nearly $1.4 trillion by 2021.¹ As IoT creates new, innovative opportunities for businesses worldwide, it also introduces new types of cybersecurity risks that will begin to evolve and grow. To continue the secure, innovative growth of the global IoT sector, the business community must find a sustainable solution that takes into account all connected IoT devices, the applications they run, and the networks they use to transmit information.

In the United States, the National Institute of Standards and Technology (NIST) released its guidance document on securing IoT products in August of 2019, which recommends the cybersecurity features to include in these network-capable devices whether designed for consumer or commercial use. The NIST guidance references many of the major European efforts to secure IoT devices, including the European Union Agency for Network and Information Security (ENISA) (2017) Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures, and the European Telecommunications Standards Institute (ETSI) (2019) Cyber Security for Consumer Internet of Things. ETSI Technical Specification 103 645 V1.1.1. At bottom, all of these guidance documents share a common purpose proposing ways to communicate securely, ensure software integrity, and minimize vulnerabilities.

Important guidance on IoT security has also been created by the Asia-Pacific Economic Cooperation (APEC), a group comprised of 21 economies that border the Pacific Rim.² APEC has positioned itself to be a global leader on the development of IoT frameworks, standards, and norms. Historically, APEC has a strong track record for creating standards within the digital economy, including developing the Framework for Securing the Digital Economy and the APEC Internet and Digital Economy Roadmap. Now, with impetus from the U.S. government, the APEC Committee on Trade and Investment (CTI) has started a multi-year initiative to address cybersecurity standards in the APEC region.

The first APEC cybersecurity standards workshop took place in Puerto Varas, Chile during the 3rd Senior Officials’ Meeting in August 2019. Next year, APEC Malaysia 2020 will continue driving the momentum on cybersecurity issues by hosting a CTI workshop focused exclusively on IoT standards. This is a chance to get governments, industry, and academia to collaboratively address IoT challenges and solutions in one of the most dynamic, high-growth regions in the world.

¹ “Demystifying IoT Cybersecurity: The Internet of Things introduces new vulnerabilities across the entire ecosystem. Here’s what you need to know—and prepare for”, IoT Cybersecurity Alliance, 2017.

² Australia; Brunei Darussalam; Canada; Chile; China; Hong Kong, China; Indonesia; Japan; Republic of Korea; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; The Republic of the Philippines; The Russian Federation; Singapore; Chinese Taipei; Thailand; the United States of America; and Viet Nam

Contacts

Clark Jennings
Crowell Global Advisors Managing Director, Asia
- Singapore (CGA)
  - D | +65.9111.0610
Y2plbm5pbmdzQGNyb3dlbGxnbG9iYWxhZHZpc29ycy5jb20=
Cheryl A. Falvey
Partner
- Washington, D.C.
  - D | +1.202.624.2675
Y2ZhbHZleUBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 5 min read | 12.12.25

Eleventh Circuit Hears Argument on False Claims Act Qui Tam Constitutionality

On the morning of December 12, 2025, the Eleventh Circuit heard argument in United States ex rel. Zafirov v. Florida Medical Associates, LLC, et al., No. 24-13581 (11th Cir. 2025). This case concerns the constitutionality of the False Claims Act (FCA) qui tam provisions and a groundbreaking September 2024 opinion in which the United States District Court for the Middle District of Florida held that the FCA’s qui tam provisions were unconstitutional under Article II. See United States ex rel. Zafirov v. Fla. Med. Assocs., LLC, 751 F. Supp. 3d 1293 (M.D. Fla. 2024). That decision, penned by District Judge Kathryn Kimball Mizelle, was the first success story for a legal theory that has been gaining steam ever since Justices Thomas, Barrett, and Kavanaugh indicated they would be willing to consider arguments about the constitutionality of the qui tam provisions in U.S. ex rel. Polansky v. Exec. Health Res., 599 U.S. 419 (2023). In her opinion, Judge Mizelle held (1) qui tam relators are officers of the U.S. who must be appointed under the Appointments Clause; and (2) historical practice treating qui tam and similar relators as less than “officers” for constitutional purposes was not enough to save the qui tam provisions from the fundamental Article II infirmity the court identified. That ruling was appealed and, after full briefing, including by the government and a bevy of amici, the litigants stepped up to the plate this morning for oral argument....

Client Alert | 8 min read | 12.11.25
Director Squires Revamps the Workings of the U.S. Patent Office
Client Alert | 8 min read | 12.10.25
Creativity You Can Use: CJEU Clarifies Copyright for Applied Art
Client Alert | 4 min read | 12.10.25
Federal Court Strikes Down Interior Order Suspending Wind Energy Development

View All Insights