DHS Framework and Principles for IoT Devices: What It Means to Your Company
With the growth of the Internet-of-Things (IoT) comes not only opportunities and benefits for our society, but also substantial safety and economic risks. In an effort to combat these risks, the Department of Homeland Security (DHS) issued guidance underlining strategic principles for IoT device security. Though these principles are nonbinding and can be ignored by businesses at will, the guidance will likely influence the standard of reasonable security. IoT device manufacturers are expected to be vulnerable to scrutiny by regulators, the plaintiffs' bar and the courts if they do not consider the DHS guidance.
In this LIVE Webcast, a panel of thought leaders and practitioners assembled by The Knowledge Group will provide an overview of the DHS' Strategic Principles for Securing the Internet of Things and its potential impact on the standard of IoT cybersecurity. The speakers will offer best practices for adopting this guidance, enabling businesses to create a responsible level of security for IoT devices and systems.
Key topics include:
- DHS' Strategic Principles for IoT: An Overview
- Scope, Purpose, and Audience
- Implications to IoT Security Standard
- Best Practices on Strengthening IoT Security
Gerry J. Elman, M.S., J.D., Patent Attorney & Attorney at Law
Elman Technology Law, P.C.
- US DHS issued Strategic Principles for Securing the Internet of Things 12 months ago. This is important guidance, but without specifics or mandatory requirements.
- It refers to the NIST framework for cybersecurity risk management as a comprehensive touchstone for organizational cyber risk management.
- Compare with (and take account of) privacy and security requirements under HIPAA, which are enforced with million-dollar fines.
- Various industries are subject to more specific guidance and regulation, e.g.
- Medical devices under FDA regulation
- Vehicles under DoT regulation
- Standards organizations are developing consensus rules for certification, e.g. UL, ASTM, etc.
Timothy J. Pastore, Partner
Duval & Stachenfeld LLP
- Governments have a duty to protect critical infrastructure, but most assets are private.
- There is no single U.S. federal agency that has overall regulatory responsibility for IoT and, therefore, for cybersecurity.
- Instead, there are different sets of rules to protect different things:
- Critical Infrastructure - military, utilities
- Proprietary Information – corporate trade secrets
- Personal Data – health information, financial and credit data
- The release by the Department of Homeland Security (DHS) of Strategic Principles for Securing the Internet of Things is an effort to fortify the security of the IoT.
- Amidst a patchwork of laws, DHS is seeking to equip private stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.
- The principles published by DHS are nonbinding – which means private businesses need not strictly comply.
- However, businesses that do not comply do so at their peril – as DHS’s strategic principles could play a role in establishing a standard of care.
- Examples of private claims that could result from the failure to meet the (evolving) standard of care for securing IoT devices:
- Product liability
- State Statutory Violations – particularly consumer fraud and deceptive trade practices
- Corporate Shareholder Derivative Litigation
- Computer Fraud and Abuse Act
- Federal False Claims Act and Whistleblower Claims
Ari J. Scharg, Partner
- Provide the plaintiff’s perspective in consumer privacy cases involving IoT devices;
- Discuss the forensic investigation process;
- Discuss legal theories that work and don't work in IoT consumer privacy cases;
- Discuss pending IoT cases against Bose (wireless headphones) and Lisner (app using beacon technology);
- Talk about the We-Vibe consumer class settlement, which was the first IoT settlement of its kind.
Who Should Attend:
- Data and Security Lawyers
- Chief Information Officers
- Data and Security Officers
- Data and Security Counsel
- Product Managers
- Directors of Engineering
- IoT Device Manufacturers
- System Architects
- Software Developers
- Network Administrators
- IT Professionals
- Other Related/Interested Professionals and Organizations
Gerry Elman is the president of Elman Technology Law, P.C. in Media, Pennsylvania. He generally advises on intellectual property and Internet business law. He helps clients develop IoT systems with security in mind and provides Cybersecurity Compliance Checkups.
He is a seasoned patent attorney and has also served in Harrisburg as a state Deputy Attorney General and as trial attorney with the federal Antitrust Division. He has science degrees from Stanford and the University of Chicago, and earned his law degree at Columbia. He is a widely published author on technology and the law and has been working with computers and online information since the early 1980s. He is co-organizer of the TriState.IoT Meetup in the Philadelphia suburbs and will lead discussions of legal matters on the IoClothes online platform.
Tim Pastore is a partner at Duval & Stachenfeld LLP -- a leading boutique in New York City with practices in commercial real estate, litigation, tax, corporate, bankruptcy, charitable organizations, electronic security and data privacy/cybersecurity.
Mr. Pastore previously was a partner at a large national firm. He also served as a Captain and Judge Advocate (JAG) in the U.S. Air Force (with tours in Japan and Iceland) and a Special Assistant U.S. Attorney with the U.S. Department of Justice.
Mr. Pastore has a national practice – having served as lead counsel in federal and state courts across the country.
Among other things, Mr. Pastore is a leading expert in electronic security and home automation systems – representing large corporate clients (including several of the largest cable system operators) on risk management/mitigation, contracting, licensing/permitting, customer retention, advertising/marketing/sales, data privacy and cybersecurity.
Mr. Pastore has been awarded the “Super Lawyer” designation each year since 2011.
Mr. Pastore’s full biography is available at: http://dsllp.com/attorneys/timothypastore/.
Ari Scharg is a Partner at Edelson PC and Co-Chair of the firm’s Case Development and Investigations Group. His practice focuses on privacy issues arising from emerging surveillance technologies, including facial recognition applications and beacon tracking programs. Ari works closely with the forensic engineers at Edelson’s in-house lab to test Internet of Things devices for information security and privacy vulnerabilities and to litigate complex privacy and technology cases.
In addition to his litigation practice, Ari chairs the Illinois State Bar Association’s Privacy and Information Security Section, serves on the inaugural Executive Oversight Council for the Array of Things, sits on the Board of the Digital Privacy Alliance, and was appointed as an Observer to the Uniform Law Commission’s Identity Management in Electronic Commerce, Study Committee.
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE); Group-Internet Based
Experience in data security and privacy law
NASBA Field of Study:
NY Category of CLE Credit:
Areas of Professional Practice
2.0 CPE (Not eligible for QAS (On-demand) CPE credits)
About Elman Technology Law, P.C.
Elman Technology Law, P.C. lawyers advise clients on intellectual property and Internet-related business matters, helping them develop strategies to maximize their ability to leverage intellectual assets and protect the “crown jewels” of their businesses. With regard to cybersecurity, they help clients comply with state and federal laws and standards, to minimize risk of adverse results in litigation over the inevitable breach of cybersecurity.
As a boutique law practice in a suburb of Philadelphia, they can advise developers of Internet of Things systems on the legal and technical requirements for protecting private information. With such guidance, financial and reputational exposure regarding loss of secrecy is minimized. Website: elman.com
About Duval & Stachenfeld LLP
Duval & Stachenfeld LLP is a leading boutique law firm with national and international practices in commercial real estate, litigation, tax, corporate, bankruptcy, charitable organizations, electronic security and data privacy/cybersecurity. The mission of the law firm is to attract, train and retain talented lawyers and to help our clients grow their business.
About Edelson PC
Edelson PC is a leading plaintiff’s class action firm, specializing in litigation centered on technology, digital privacy, and consumer protection issues. The firm has been repeatedly recognized by courts and fellow members of the bar as a pioneer in the consumer technology and data privacy space. Edelson has obtained more than $1 billion in class settlements and has shaped how numerous industries approach consumer protection issues.