Oregon has recently passed a new cybersecurity statute, joining California in requiring manufacturers of “connected devices” to equip qualifying technology with “reasonable security features.” The new law will go into force on January 1, 2020. For further analysis, visit our recent client alert.
Cheryl A. Falvey is a partner in the Mass Tort, Product, and Consumer Litigation Group, a leader in the firm’s Digital Transformation initiative, and a member of the firm’s management board. An experienced trial lawyer, she defends class actions, unfair competition, product liability and other mass tort claims arising out of consumer, occupational, and environmental exposures, as well as antitrust, trade secret, intellectual property, and other technology litigation. She also provides brand and consumer protection counseling services, with a focus on product safety and security, including the Internet of Things; privacy; anti-counterfeiting; and digital media, including sweepstakes, promotions, and advertising. Ms. Falvey represents a wide range of clients, from emerging companies to multinational Fortune 500 conglomerates, in the automotive, chemical, consumer products, fashion and apparel, food and beverage, retail, medical device, and technology industries. Ms. Falvey was named to the National Law Journal's 2014 list of Governance, Risk & Compliance Trailblazers & Pioneers.
Following a draft Interagency Report published in February, the National Institute of Standards and Technology (“NIST”) has published NISTIR 8200: Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT), which seeks to assess the “current state of international cybersecurity standards development for IoT.” In this effort, the Report defines the major areas where IoT is currently being used and evaluates various IoT cybersecurity standards commonly applied in those areas. To evaluate the surveyed IoT standards, the Report relies on a framework that breaks the standards down into twelve core areas, each of which designates a distinct, common element of cybersecurity measures.
Where IoT is Being Used the Most
To help evaluate the current understanding of cybersecurity risks involved in IoT applications and the methods used to measure them, the Report overviews major IoT technologies and how they are deployed. It then breaks down the network-connected devices, systems, and services comprising IoT into five major categories of application, explaining the common components of each:
Responding to the rise of interconnected technology, the National Institute for Standards and Technology (NIST) has recently issued an introductory document in a planned series of cybersecurity publications addressing Internet of Things (IoT) privacy risks. Open for comment through October 24, 2018, the Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and …
The big takeaways from The Autonomous Vehicle Safety Regulation World Congress centered on the importance of a federal scheme for AV regulation and the reality of the states’ interest in traditional issues such as traffic enforcement, product liability, and insurance coverage. In keeping with those messages, the World Congress kicked off with NHTSA Deputy Administrator and Acting Director, Heidi King, speaking about NHTSA’s goals and interest followed almost immediately with wide participation from the states including California, Michigan, and Pennsylvania, among others.
Deputy Administrator King emphasized NHTSA’s desire to foster an environment of collaboration among all stakeholders, including the states. Ms. King emphasized that safety remains the top priority at NHTSA. NHTSA has provided some guidance, and looks forward to hearing from stakeholders about the best way to support and encourage growth in autonomous vehicles. NHTSA wants to provide a flexible frame work to keep the door open for private sector innovation. It is necessary to build public trust and confidence in the safety of autonomous vehicles, and that can only accomplished by all stakeholders working together.
NHTSA is working on the next version of AV guidance, having already issues its 2.0 version, with an expected release of 3.0 in 2018. The guidelines will remain voluntary, but NHTSA is ready to support entities as they try to implement the voluntary guidance. Working with the states, DOT, OEMs, and other stakeholders, NHTSA hopes to continue to be flexible and allow for rapid changes. Later in the conference lawyers emphasized the importance of compliance with the guidance in minimizing liability particularly in no-fault states such as Michigan.
Dr. Bernard Soriano, deputy director, California Department of Motor Vehicles, similarly confirmed that California’s overarching interest in regulating AV is the safe operation of vehicles on its roadways. In summarizing California’s recent October 11, 2017 release of revised regulations, he emphasized that “change happens fast,” and that the state is pleased to now be close to allowing completely driverless testing. He recognized the federal preemption on the design of the vehicle and its crashworthiness and emphasized the state’s interest in the operation of the vehicles and compliance with state traffic laws.…