Adaptive governance for the Internet of Things: Coping with emerging security risks |
| |
| Authors: | Irina Brass Jesse H. Sowell |
| |
| Affiliation: | 1. Department of Science, Technology, Engineering and Public Policy, University College London (UCL), London, UK;2. Department of International Affairs, Bush School of Government and Public Service, Texas A&M University, College Station, TX, USA |
| |
| Abstract: | The Internet of Things (IoT) is a disruptive innovation known for its socio-economic potential, but also for generating unprecedented vulnerabilities and threats. As a dynamic sociotechnical system, the IoT comprises well-known cybersecurity risks and endemic uncertainties that arise as IoT adoption increases and the system evolves. We highlight the impact of these challenges by analyzing how insecure IoT devices pose threats to both consumer protection and the Internet's infrastructure. While recent regulatory responses are starting to target IoT security risks, crucial deficiencies – especially related to the feedback necessary to keep pace with emerging risks and uncertainties – must be addressed. We propose a model of adaptive regulatory governance that integrates the benefits of centralized risk regulatory frameworks with the operational knowledge and mitigation mechanisms developed by epistemic communities that manage day-to-day Internet security. Rather than focusing on the choice of regulatory instruments, this model builds on the “planned adaptive regulation” literature to highlight the need to systematically plan for a knowledge-sharing interface in regulatory governance design for disruptive technologies, facilitating the feedback necessary to address evolving IoT security risks. |
| |
| Keywords: | cybersecurity disruptive technology internet of things planned adaptive risk regulation regulatory governance |
|
|
