The Role of Artificial Intelligence and Computational Law Applications in IoT Risk Management

I am preparing to speak on the topic of IoT and cybersecurity at the 2018 Midwest Legal Conference on Privacy and Security. My discussion outline is shared here.

A. IoT Areas of Risk:

i) Cybersecurity risks are magnified with the introduction of an exponentially larger threat surface.

ii) The threat surface consists of: (a) the number of devices (8 billion by 2020, according to Gartner), (b) latent device vulnerability (security-by-design failures plus the device’s appeal to hackers), and (c) likelihood of misuse (caliber of user sophistication).

iii) Preserving security principles (confidentiality, integrity and accessibility) becomes more critical, though the three elements are not all equally important; rather, their degree of importance is device dependent.

B. Role of Artificial Intelligence

i) AI-powered IoT devices will enhance host device capabilities, but will also increase tension with preserving security principles.

ii) The AI “Risk Ratio”: The greater the power of AI integrated into a device, the greater the probability the specific device will contain higher quality data, which elevates the risk of hacking (i.e., the specific device’s appeal to hackers tends to grow as it contains data deemed more valuable) and requires more effective protection mechanisms.

C. The Role of Computational Law Applications

i) Computational law applications stand to play a threat surface administration role.

ii) These applications can be regarded as additional device protection mechanisms.

iii) The threat surface administration role is delivered through “signaling” protocols on critical device features, such as privacy policy, terms of use, warranty, and the existence and/or rating of available security-by-design features.

iv) As these computational law applications become more efficient at protecting users, the attendant risk of use is concomitantly reduced.