APEC Taking Lead on IoT Standards and Cybersecurity
Client Alert | 2 min read | 10.07.19
The rapid growth of the Internet of Things (IoT) is creating new risks, vulnerabilities, and leadership opportunities for the private sector on a global scale. It is estimated 20 billion connected devices will be in operation by 2020 and IoT spending will total nearly $1.4 trillion by 2021.1 As IoT creates new, innovative opportunities for businesses worldwide, it also introduces new types of cybersecurity risks that will begin to evolve and grow. To continue the secure, innovative growth of the global IoT sector, the business community must find a sustainable solution that takes into account all connected IoT devices, the applications they run, and the networks they use to transmit information.
In the United States, the National Institute of Standards and Technology (NIST) released its guidance document on securing IoT products in August of 2019, which recommends the cybersecurity features to include in these network-capable devices whether designed for consumer or commercial use. The NIST guidance references many of the major European efforts to secure IoT devices, including the European Union Agency for Network and Information Security (ENISA) (2017) Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures, and the European Telecommunications Standards Institute (ETSI) (2019) Cyber Security for Consumer Internet of Things. ETSI Technical Specification 103 645 V1.1.1. At bottom, all of these guidance documents share a common purpose proposing ways to communicate securely, ensure software integrity, and minimize vulnerabilities.
Important guidance on IoT security has also been created by the Asia-Pacific Economic Cooperation (APEC), a group comprised of 21 economies that border the Pacific Rim.2 APEC has positioned itself to be a global leader on the development of IoT frameworks, standards, and norms. Historically, APEC has a strong track record for creating standards within the digital economy, including developing the Framework for Securing the Digital Economy and the APEC Internet and Digital Economy Roadmap. Now, with impetus from the U.S. government, the APEC Committee on Trade and Investment (CTI) has started a multi-year initiative to address cybersecurity standards in the APEC region.
The first APEC cybersecurity standards workshop took place in Puerto Varas, Chile during the 3rd Senior Officials’ Meeting in August 2019. Next year, APEC Malaysia 2020 will continue driving the momentum on cybersecurity issues by hosting a CTI workshop focused exclusively on IoT standards. This is a chance to get governments, industry, and academia to collaboratively address IoT challenges and solutions in one of the most dynamic, high-growth regions in the world.
1 “Demystifying IoT Cybersecurity: The Internet of Things introduces new vulnerabilities across the entire ecosystem. Here’s what you need to know—and prepare for”, IoT Cybersecurity Alliance, 2017.
2 Australia; Brunei Darussalam; Canada; Chile; China; Hong Kong, China; Indonesia; Japan; Republic of Korea; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; The Republic of the Philippines; The Russian Federation; Singapore; Chinese Taipei; Thailand; the United States of America; and Viet Nam
Insights
Client Alert | 2 min read | 05.27.25
Federal Circuit Resolves Circuit Split on Scope of IPR Estoppel
As part of the 2012 America Invents Act, statutory estoppel was included to balance the interests of patent owners and patent challengers following an inter partes review (“IPR”). Estoppel prevents an IPR petitioner from later asserting in court that a claim “is invalid on any ground that the petitioner raised or reasonably could have raised” during the IPR. 35 U.S.C. § 315(e)(2). As applied, estoppel prevents petitioners from later relying in district court or in ITC proceedings on most patents or printed publications – the limited bases upon which petitioner can rely in an IPR. But a question remained, and contradictory district court decisions arose, as to whether petitioners would be estopped from relying on a prior art commercial product (known as “device art,” which could not itself have been raised in the IPR) even if a printed publication describing the product (i.e. a patent or technical manual) was available and presumably could have been raised.
Client Alert | 3 min read | 05.23.25
Executive Order Seeks Most-Favored-Nation Drug Pricing and HHS Announces Price Targets
Client Alert | 4 min read | 05.22.25
Opportunities for Procurement on the Horizon as UK Concludes Free Trade Agreement With India
Client Alert | 2 min read | 05.22.25
What Trump’s Nominee for IRS Commissioner Could Mean for Employee Retention Tax Credit Enforcement