Policy Issues Related to IoT

Tommy Ross, Senior Director of Policy for the Software Alliance, presented testimony on October 3, 2017, before the House Committee on Oversight and Government Reform Subcommittee on IT concerning policy issues related to cybersecurity.

He talked to the Committee about what is specifically needed in terms of policy:

  • Develop a framework for managing IoT security according to risk, as effective IoT policies cannot treat IoT devices as if one size fits all. Devices need to be defined according to risk and technical variations so that policies can be built around this framework.
  • Build on software industry best practices, since IoT devices are built around hardware and software that have been around for years and even decades. Do not treat the IoT as some wholly new and unexplored realm demanding new and different policies.
  • Advanced tools are needed to communicate critical cybersecurity information to users. Mechanisms are needed to help individuals and consumers understand the security features and risks they will acquire with any given IoT device and help users integrate IoT devices into networked systems in ways that maximize security.
  • Promote shared responsibility for IoT security, since stakeholders in the IoT are a broad and disparate group. No single stakeholder can secure the IoT, and no single stakeholder should be held solely accountable for security.
  • Establish a modest but important government role that should focus on convening and facilitating rather than dictating solutions, and lead by example.

 

He concluded his testimony by saying, “Security in the IoT is an important concern and our success in addressing it will be the foundation for the economy in the 21st century economy.”