Critical Infrastructure and IoT

Robert Metzger, Shareholder, Rogers Joseph O’Donnell 

• a variety of constraints to direct government involvement in IoT
• regulators: doesn’t trust private sector to do enough, but regulation tends to be prescriptive.
• NIST can play critical role: standards and best practices, esp. on privacy and security.
• Comparatively, any company knows more about potential and liabilities of IoT than any government body. Can lead to bewildering array of IoT regulations that can hamper the problem.
• Business model problem: security expensive, may require more power, add less functionality, all of which run against incentive to get the service out at lowest price. Need selective regulation and minimum standards. Government should require minimum standards as part of its procurement. Government rarely willing to pay for this.
• Pending US regulation shows constant tension between regulation and innovation.

Gary Butler, CEO, Camgian 

• Utah cities network embedding sensors.
• Scalability and flexibility needed. Must be able to interface with constantly improving sensors.
• Expensive to retrofit sensors on infrastructure.
• From physical security perspective: cameras, etc. to provide real-time situational awareness. Beyond human surveillance. Add AI to augment human surveillance.
• “Dealing with ‘data deluge.'”  Example of proliferation of drones. NIST might help with developing standards for this.
• Battery systems: reducing power consumption & creating energy-dense batteries. Government could help. Government could also be a leader in adoption.

Cyber-Criminality, Security and Risk in an IoT World

• Social media involved in most cyberwar attacks & most perps under 21.  They become linked solely by social media.
• offensive threats far outstrip defenses when it comes to data
• now we’re connecting billions of things, very vulnerable. Add in driverless cars & threat even greater. Examples: non-encrypted data from pacemakers, and the WIRED Jeep demo.

Belisario Contreras, Cyber Security Program Manager, Organization of American States

• must think globally.
• criminals have all the time to prepare, we must respond within minutes.
• comprehensive approach: broad policy framework in 6 Latin American countries.

Samia Melhem, Global Lead, Digital Development, World Bank

• projects: she works on telecommunications and transportation investing in government infrastructure in these areas. Most of these governments have been handicapped by lack of funding. Need expert data integrators. Integrating cybersecurity.

Stephen Pattison, VP Public Affairs, ARM

• (yikes, never thought about this!) cyberterrorist hacks self-driving car & drives it into a crowds.
• many cyber-engineers who might go to dark side — why hasn’t this been studied?
• could we get to point where IoT-devices are certified secure (but threats continually evolve. Upgradeability is critical.
• do we need a whistleblower protection?
• “big data starts with little data”

Session 4: Key Policy Considerations for Building the Cars of Tomorrow – What do Industry Stakeholders Want from Policymakers?

Ken DiPrima, AVP New Product Development, IoT Solutions, AT&T

• 4-level security approach: emphasis on end-point, locked-down connectivity through SIM, application level …
• deep in 5-G: how do you leverage it, esp. for cars?
• connecting 25+ of auto OEMs. Lot of trials.

Rob Yates, Co-President, Lemay Yates Associates

• massive increase in connectivity. What do you do with all the data? Will require massive infrastructure increase.

Michelle Avary, Executive Board, FASTR, VP Automotive, Aeris

• about 1 Gig of data per car with present cars. Up to 30 with a lot of streaming.
• don’t need connectivity for self-driving car: but why not have connectivity? Also important f0r the vehicle to know and communicate its physical state. Machine learning needs data to progress.
• people won’t buy vehicles when they are really autonomous — economics won’t support it, will move to mobility as a service.

Paul Scullion, Senior Manager, Vehicle Safety and Connected Automation, Global Automakers

• emphasis on connected cars, how it might affect ownership patterns.
• regulatory process slow, but a lot of action on state level. “fear and uncertainty” on state level. Balance of safety and innovation.

Steven Bayless, Regulatory Affairs & Public Policy, Intelligent Transportation Society of America

• issues: for example, can you get traffic signals to change based on data from cars?
• car industry doesn’t have lot of experience with collaborative issues.