NCTA: NTIA Botnet Draft Fails to Account for Global Threats

1801110006). The comments were released last week. The Information Technology Industry Council suggested that to achieve progress on the draft report’s action items, coordination will be needed with various stakeholders, including: NTIA, the National Institute of Standards and Technology, the Department of Homeland Security and other U.S. stakeholders; small, medium and large private sector entities; and international private and public sector partners. CTA wrote that the report takes a “promising, but still somewhat dour view of existing” security tools. “CTA continues to urge caution with respect to regulatory approaches generally, as they usually tend toward static, prescriptive compliance regimes that inhibit security innovation over time,” the group wrote. The Computer & Communications Industry Association said the “chief educational burden” for policymakers, regulators and cybersecurity professionals is a better understanding of the “things” that make up IoT. The Internet Society suggested government collaborate with stakeholders in clarifying how current liability and consumer protection regulations apply to IoT. “Without clear up-front liability, users are often the ones who pay the price for poor IoT security,” the group wrote, saying liability and consumer protection laws can be a strong incentive for investing in security. Samsung echoed those comments, agreeing with the draft report’s call for the federal government to “lead by example and create market incentives for IoT product vendors to adopt” more secure products. The company recommended Congress and the administration avoid duplicating efforts, such as NIST’s Cybersecurity for IoT Program. The U.S. Chamber of Commerce wrote more dialogue is needed on “so-called market incentives,” saying regulation would “stunt security and innovation, including deployment of IoT.”