There is a great deal of buzz surrounding the Internet of Things (IoT), which is the notion, simply put, that nearly everything not currently connected to the Internet, from gym shorts to streetlights, soon will be. The rise of “smart products” holds the promise to revolutionize business and society. Applications are seemingly endless. Microsoft has estimated that the number of Internet-enabled devices will increase from 11 to 50 billion between 2013 and 2020, though estimates vary, with Morgan Stanley predicting 75 billion such devices in existence by 2020. To substantiate the coming wave, Samsung recently announced that all of its products would be connected to the Internet by 2020.
Regardless of the final number, the end result of the IoT revolution looks to be a mind-boggling explosion in Internet-connected stuff. Yet the burning question is whether security can or will scale alongside this increasingly crowded field, or whether we will see a repeat of the late 1990s, with products being rushed to market and attackers taking advantage of the resulting “technical debt.” So far, there has been relatively little attention paid to how we should go about regulating smart devices, and still less to how cybersecurity should be enhanced within such a diverse ecosystem, particularly as it relates to supply chain concerns. This is the topic that a team of researchers and I have taken on in a new paper that applies groundbreaking polycentric governance models to the IoT and situates the U.S. debate alongside how other jurisdictions, including the EU, are tackling this issue.
Read the full piece at the Military Cyber Professionals Association website.