The European Commission is getting ready to propose new legislation to protect machines from cybersecurity breaches, signalling the executive’s growing interest in encouraging traditional European manufacturers to build more devices that are connected to the internet.
A new plan to overhaul EU telecoms law, which digital policy chiefs Günther Oettinger and Andrus Ansip presented three weeks ago, aims to speed up internet connections to meet the needs of big industries like car manufacturing and agriculture as they gradually use more internet functions.
But that transition to more and faster internet connections has caused many companies to worry that new products and industrial tools that rely on the internet will be more vulnerable to attacks from hackers.
EU lawmakers want to dispel those fears by creating rules that force companies to meet tough security standards and go through multi-pronged certification processes to guarantee privacy.
“That’s really a problem in the internet of things. It’s not enough to just look at one component. You need to look at the network, the cloud. You need a governance framework to get certification,” Thibault Kleiner, Oettinger’s deputy head of cabinet, said at a Brussels conference yesterday evening (4 October).
Kleiner said the Commission would encourage companies to come up with a labelling system for internet-connected devices that are approved and secure.
Firms from a range of industries, including energy, automotive and healthcare, joined a platform on the internet of things that the Commission set up last year as part of its efforts to push companies to embrace industrial use of the internet. Big companies like Cisco, Bosch, Nokia and Philips are part of the group, along with several telecoms operators.
There are currently around 6 billion internet-connected devices in use worldwide, and that figure is predicted to soar to over 20 billion by 2020, according to research by consultancy Gartner.
The internet of things is a catchphrase that has caught on with Brussels legislators and lobbyists, who use it to describe devices that haven’t used internet connection up until now—but will in the future, like connected cars that predict traffic or calculate ways to save fuel, or refrigerators that alert a person when they’re running out of food.
The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings: Kleiner pointed to that as “something I’d apply to the internet of things”.
Some hardware manufacturers are sceptical of the Commission’s plans to require certification for different parts of internet-connected devices and instead want hardware like SIM cards to be approved as security guarantees that can be used with appliances, Kleiner acknowledged.
New Commission proposals in November
The Commission is about to make a set of new announcements in November that will ruffle feathers in industries that want to turn using and selling consumers’ personal data into a new business model.
Those rules will affect how companies can access consumers’ data and what kind of contracts they can have to sell that information to partnering firms. Car companies have warned against contract rules that could force them to lose control over the personal data that drivers produce in vehicles. Tech companies and internet operators that provide services like in-car entertainment could dominate in a more digital car industry, car manufacturers fear.
Kleiner said EU officials crafting the new laws are still considering how they’ll define data. Hard-fought, four-year-long negotiations over EU data protection rules that are set to go into effect in 2018 taught lawmakers that “it’s not about data as something you monetise, it’s about dignity, something that’s personal to an individual,” he said.
“It’s completely different from taking about data as something that can be monetised, accessed and shared to create business opportunities.”