https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Here’s a Security Worry: Legal Entanglements

When it comes to security breaches, end users and owners of industrial automation and IOT systems can find themselves ensnared by legal issues, including contract disputes and lawsuits.
  • Written by IOT Content Manager
  • 13th April 2016

In our recent survey of manufacturing and government executives and operations professionals, security topped the list as the number one concern about the Internet of Things.

Sure that concern is warranted, no one wants to get hacked. But we wondered, are there specific legal entanglements that an end user can get into because of a security breach? For advice, we asked Creighton Magid. He is a lawyer with the international law firm Dorsey & Whitney who works with clients to reduce their liability risk and navigate the Federal regulatory system.

What exactly are people worried about when it comes to security and the Internet of Things?

There has been a level of concern over data theft and hackers getting access to personally identifiable information. 

The newer arrival on the scene for everyone–cities, manufacturers and utilities–is the potential threat to their basic infrastructure and processes. The interaction of the online world with their physical operating systems raises the risk for organizations that their operations could be brought to a halt and their equipment destroyed or taken offline for a period of time. 

Your clients include municipalities, manufacturers, and product developers. Is there a common thread among them in how they approach cybersecurity in their organizations? 

By and large, I don’t think that there is a full understanding of the magnitude of the potential threat. But there’s a good reason for that: A lot of the emphasis has been on data breaches, with less of a focus put on securing systems and their interconnections with the physical world than there should be. 

Estimates put the number of connected devices added to the ecosystem at 5.5 million every day, and that’s a lot more potential points of entry for a cybersecurity attack. So there may be vulnerabilities that organizations have not thought of, or their systems may have become vulnerable to new threats for which an upgrade or security patch has not been issued.

Any examples?  

Well there are plenty! In a well-publicized case, Ukraine’s power grid was shut down to the substation level. The only reason the country was saved from being plunged into darkness was—ironically–because of the aged infrastructure, so they were able to intervene manually. 

But, hey, why worry? Doesn’t my cyber insurance cover any damages or loss of revenue due to a security breach?

Some cyber policies include exclusions that basically say that if you do not meet minimum levels of cyber protection, your claims could be denied. I am aware of one case where the insurer argued that the policyholder had not engaged in minimum levels of cyber protection and diligence and should be denied coverage. In an ironic twist, the case was ultimately dismissed because the insurer didn’t follow the dispute resolution procedures in its own policy, not because of the merits of the case.

Why then, if I am an end user, can’t I just sue the guy who sold me the equipment? 

The answer here lies at the intersection of product liability law and contract law.  For example, an automation supplier is likely to have damages limitations in its contract with the end user. For consequential damages, the supplier would argue that the plant’s remedies were limited to the amount of the contract or something of that nature. But if you are the plant, you might agree that the contractual limitations applied to the automation equipment as delivered, but sue on a theory that there was a lack of post -market vigilance on the part of the automation supplier to make you aware of new and emerging threats and to issue upgrades or patches.

This issue of post-delivery obligations regarding security has not yet been tested in courts. But I can see that happening in a world in which threats emerge daily and in which there is an expectation that security patches and upgrades are going to be delivered.

On the flip side, should organizations worry that they will get sued?

In general, yes.  The plaintiff’s bar has shown considerable interest in pursuing internet-of-things cases.  The Federal Trade Commission has been very active in pursuing consumer product companies that represent their systems as being secure or that imply that their systems secure when they are not. The U.S. Court of Appeals for the Third Circuit last year upheld the FTC’s authority to regulate in the cyber arena under the agency’s authority to address unfair marketing practices.

In that case, Wyndham Hotels and Resorts initially fought but later agreed to settle FTC charges that its security practices exposed payment card information to hackers in three data breaches. Under the terms of the settlement, the company will establish a comprehensive information security program to protect cardholder data and will conduct annual security audits.

Article was originally published on Industry Week.

Tags: Article IIoT/Manufacturing Security Technologies Vertical Industries

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • Microsoft Extends Secured-Core Program to IoT Devices
  • Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration
  • Partnership to Globally Expand Robotics Solutions
  • Researchers Use Robotic Prey to Track Predator Behavior

Roundups

View all

IoT Product Roundup: Canonical, InfluxData, Wiliot and More

23rd June 2022

IoT Product Roundup: Cisco, Telit, Draganfly and More

9th June 2022

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Image Shows John Lewis' Barry Panai at AI Summit London 2022

AI Summit 2022: John Lewis’ Barry Panayi on AI in Retail

Panayi talks about data and AI in retail and how individuals and the technology can work together

AI Summit 2022: easyJet’s Ben Dias on AI in Aerospace

The company’s director of data science and analytics talks about the industry’s use of AI.

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

Seoul Robotics Expands 3D Perception Platform across South America dlvr.it/STMhSV https://t.co/a10l3Eb2Kn

5th July 2022
IoTWorldToday, IoTWorldSeries

Microsoft Extends Secured-Core Program to IoT Devices dlvr.it/STMg4k https://t.co/laBPF5VjC4

5th July 2022
IoTWorldToday, IoTWorldSeries

Spot the Robot Dog Helps Police Ahead of Boston’s Fourth of July Celebration dlvr.it/STKWjb https://t.co/LdRg7a2xqU

4th July 2022
IoTWorldToday, IoTWorldSeries

Another 59,000 @Teslas being recalled over a software glitch affecting the vehicle’s Emergency Call safety system… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

Join us in the premier #tech destination of #Austin this November 2-3 for our next #IoT event. Connect and collabo… twitter.com/i/web/status/1…

4th July 2022
IoTWorldToday, IoTWorldSeries

SoftBank, May Mobility Team on Autonomous Driving dlvr.it/STJrW0 https://t.co/mOYoBsgs14

4th July 2022
IoTWorldToday, IoTWorldSeries

Firefly-Inspired Robots Enable Motion Tracking, Communication dlvr.it/STJn0H https://t.co/ksRSzYcR4z

4th July 2022
IoTWorldToday, IoTWorldSeries

Partnership to Globally Expand Robotics Solutions dlvr.it/STJlyx https://t.co/YWAtpUfcNd

4th July 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X