Analysis
Fall 2017 / Issue 55
USCOC Recommended Principles for “Internet of Things” Security
Future growth predictions for the “Internet of Things” (IoT) are staggering. With a truly global market for the IoT, national boundaries and policy differences threaten to create barriers and walled gardens and distort markets. Governments should support international standards work that harmonizes varied approaches to regulating technology.
Governments are in a difficult position given the complexity and fast-changing cyber-threat landscape, and traditional regulatory responses are inadequate to keep pace with the evolution and economic growth potential of the IoT.
Consumers may not be prepared for their roles in our digital future, in which individual actions can affect communities and enterprises around the world. Basic cyber-hygiene education should be prioritized by governments, businesses, and consumers.
Similarly, increased attention is being paid to hardening endpoint security (e.g., laptops, smart phones). Here, manufacturers and vendors are leveraging existing industry-developed best practices. They should be encouraged and incentivized to pursue security by design.
Recent cyberattacks like WannaCry, Petya, and Mirai illustrate why a combination of end user education and endpoint security is important. WannaCry and Petya victims used unsupported and unpatched versions of legacy operating systems, which is a lesson in the importance of upgrading and patching devices. Likewise, the Mirai botnet depended on widespread use of a common set of credentials, which speaks to use of hard-coded passwords. Governments should proactively collaborate with industry to identify and facilitate voluntary use of best practices.
Ann M. Beauchesne, Senior Vice President, National Security, U.S. Chamber of Commerce; Megan Brown, Partner, Wiley Rein LLP; Sean Heather, Vice President, Center for Global Regulatory Cooperation, U.S. Chamber of Commerce
AmCham Macedonia Magazine
Given how diffuse and ubiquitous the IoT is, the global effort to enhance security, privacy, and trust requires input from public and private stakeholders. Governments should establish international multi-stakeholder forums for discussion and education about security and privacy regulations, and trust-enhancing certification and labeling frameworks.
The IoT is incredibly complex and there is no one-size-fits-all solution to cybersecurity. But the business community looks forward to working with governments to collaboratively create policies that enhance privacy, security, and trust in the IoT based on global, voluntary, consensus, and industry-driven standards.
Ten Key Principles for IoT Security
1. When it comes to security, attempts to regulate today will become outdated tomorrow. Flexible approaches to collaboration and cooperation to combat shared threats have significant advantages over national regulation which serves to fragment the global economy and lags behind technological innovation.
2. Any approach to IoT security should be data-driven, based on empirical evidence of a specific harm, and be adaptable both over time and cross-border.
3. Security demands should never be used as industrial policy to advance protectionism or favor national economic interests.
4. National boundaries need not become arbitrary obstacles to the movement of devices or data, or to the offering of IoT-related services.
5. Global standards work is the best way to promote common approaches and technology solutions. Such standards should be open, transparent, and technology-neutral.
6. Any government IoT strategy should promote technical compatibility and interoperability to the maximum extent possible.
7. Everybody is vulnerable; cyber threats must be met with global information sharing and collaboration to improve and safeguard the IoT ecosystem.
8. End users need to be educated about their roles and responsibilities in this digital age. Manufacturers and vendors should be encouraged to routinely evaluate and improve endpoint security.
9. The international community must collectively condemn criminal activities that infect and exploit the openness and connectivity of the internet and our digital future.
10. Governments must work together to shut down illegal activities and bring bad actors to justice.

Companies Cite Legal Uncertainty & Large Fines as Key Problems
Pavlina Dimovska – Attorney at law and Project legal advisor
With the purpose of identifying the problems that the business community faces, in the fields of taxes, customs, labor market and the environment, USAID funded the “Partnership for Better Business Regulation” project, implemented by Epi Centar International in partnership with the Economic Chamber of Macedonia, the ICT Chamber of Commerce (MASIT), and the Economic Chamber of Northwest Macedonia. Over the first year of the project, 18 info sessions and 5 forums held in several cities around the country helped identify a number of common small to medium business environment themes, including those related to labor relations, customs, taxes and environmental regulations.
According to businesspeople around the country, labor relations are insufficiently regulated in the following areas:
Practice work & internships;
Probation periods as a precursor to “permanent employment”;
Mobile work options (primarily in the IT sector);
Annual mandatory medical examinations for all employees as an excessive financial burden borne by employers;
General confusion with the requirement to compensate the employees for their annual leave (regress payment).
Customs-related issues:
Textile waste management and the option of utilizing/recycling of waste from loan system production;
The lack of an effective ethics code for customs officers;
High and irrational fines, especially for small, technical and insignificant errors.
Taxation-related concerns included the need for:
Fast, full and unconditional VAT refunds (the return should not be conditioned by the inspection control and the refund deadline should be reduced);
Reduced penalties overall and cancellation of additional penalties for the legal representative involved in a given case;
Cancellation of the provision in the Law on Registration of Cash Payments that prohibits an individual from performing a given business activity due to their involvement in a misdemeanor;
Reversal of the obligation to pay VAT in cases of a permanent write-off of a claim.
Environment
The obligation that companies dump textile waste in a local municipal landfill under Customs supervision, since it is expensive and inferior to alternatives, such as recycling these materials;
The legal solutions are unclear, imprecise, and contradictory in the Law on Waste, the Law on Waste from Electrical and Electronic Equipment and other laws in the field of waste management;
More control is needed of the work of licensed waste management companies, especially in the collection of used tires and waste oils;
Simplification is needed in the preparation of environmental studies and procedures for obtaining licenses, such as environmental permits.
In the coming period, these problems will be further analyzed and submitted to the competent authorities. Through these activities, the Project will work to develop public-private dialogue in the country.