The Internet of Things (IoT) is a disruptive innovation known for its socio-economic potential, but also for generating unprecedented vulnerabilities and threats. As a dynamic sociotechnical system, the IoT comprises well-known cybersecurity risks and endemic uncertainties that arise as IoT adoption increases and the system evolves. We highlight the impact of these challenges by analyzing how insecure IoT devices pose threats to both consumer protection and the Internet's infrastructure. While recent regulatory responses are starting to target IoT security risks, crucial deficiencies – especially related to the feedback necessary to keep pace with emerging risks and uncertainties – must be addressed. We propose a model of adaptive regulatory governance that integrates the benefits of centralized risk regulatory frameworks with the operational knowledge and mitigation mechanisms developed by epistemic communities that manage day-to-day Internet security. Rather than focusing on the choice of regulatory instruments, this model builds on the “planned adaptive regulation” literature to highlight the need to systematically plan for a knowledge-sharing interface in regulatory governance design for disruptive technologies, facilitating the feedback necessary to address evolving IoT security risks.

中文翻译：

---

物联网的自适应治理：应对新出现的安全风险

物联网 (IoT) 是一项颠覆性创新，以其社会经济潜力而著称，但也因产生前所未有的漏洞和威胁而闻名。作为一个动态的社会技术系统，物联网包含众所周知的网络安全风险和地方性不确定性，随着物联网采用率的增加和系统的发展而出现。我们通过分析不安全的物联网设备如何对消费者保护和互联网基础设施构成威胁来强调这些挑战的影响。虽然最近的监管反应开始针对物联网安全风险，但必须解决关键缺陷——尤其是与跟上新出现的风险和不确定性所需的反馈相关的问题。我们提出了一种适应性监管治理模型，该模型将集中式风险监管框架的好处与管理日常互联网安全的认知社区开发的操作知识和缓解机制相结合。该模型不是专注于监管工具的选择，而是建立在“计划适应性监管”文献的基础上，以强调需要系统地规划颠覆性技术监管治理设计中的知识共享接口，促进解决不断发展的物联网所需的反馈安全风险。