This week, the National Institute of Standards and Technology (NIST) convened the first face-to-face meeting of the cyber-physical systems public working group (CPS PWG) to develop and implement a new cybersecurity framework dedicated to cyber-physical systems (CPS), also known as the “Internet of Things.” Companies developing products and services involving CPS may consider participating in the CPS PWG, as participation in webinars and meetings is open and intended to be convenient. The group’s efforts may affect the legal landscape developing around CPS.
What Are Cyber-Physical Systems?
CPS are information networks composed of sensors and other technologies embedded in physical objects and linked via wired and wireless networks (e.g., health-monitoring implants, automobiles with built-in sensors, and selective irrigation systems that detect crop hydration).
What Is NIST Doing and Why?
The CPS PWG aims to create a uniform definition and reference architecture for CPS in order to foster the development of an integrated CPS across industry sectors.
NIST convened the CPS PWG in part because of the explosive growth of CPS. According to NIST, only about 300,000 physical objects were connected to the internet in 1990. Cisco estimates that over 13 billion devices are connected to the internet today, and that number could be as high as 50 billion by 2020.
In light of the widespread development of CPS in sector-specific applications, NIST observed that sector-specific growth and development could hinder the interoperability of CPS, which is important to its long-term success, development and expansion. The CPS PWG’s goal is to ensure the development of an integrated and interoperable CPS, rather than sector-specific, isolated CPS.
What Are the Details?
The CPS PWG is composed of four subgroups.
The Cybersecurity & Privacy subgroup will address the common cybersecurity and privacy elements of different CPS application domains and contexts, with the aim of developing a cybersecurity and privacy strategy for the common elements of CPS.
The Definitions, Taxonomy, & Reference Architecture subgroup will identify common foundational principles of CPS design across industry sectors.
The Use Cases subgroup will focus on how people interact with CPS and the ways in which CPS can be applied and used.
The Timing & Synchronization subgroup will ensure that timing elements will be present in CPS, such as when and how frequently a device sends information.
Each subgroup will meet remotely (either by phone or webinar) to identify concepts consistent across different sectors. By November 2014, each subgroup is expected to submit a summary report. NIST then intends to synthesize the subgroup reports and produce a draft reference architecture by Spring 2015 and a draft roadmap by Summer 2015.
The Big Picture
This effort from NIST occurs as other regulatory entities and industry groups weigh in on the appropriate rules for CPS. For example, the Federal Trade Commission held a workshop on consumer privacy and security issues posed by CPS (for which Hogan Lovells Partner Christopher Wolf highlighted relevant considerations). NIST’s work to develop a common CPS language may help further these conversations.
Paul Otto and Ryan Comer