Despite reluctance to legislate tech issues, governments should be more aggressive in regulating the security of the Internet of Things (IoT), experts say.

“We need to take a more active and more aggressive posture,” said Joshua Corman, director of the Cyber Statecraft Initiative for the Atlantic Council. He explained that in issues that concern public safety, such as Internet-connected cars and medical devices, the government should take a greater role in ensuring cybersecurity.

“If it can kill you, there are minimum requirements,” Corman said. He added that he would like to see more legislative task forces to address IoT cybersecurity, especially concerning Internet-connected and self-driving cars.

“IoT security is now a public safety issue,” agreed Robert Silvers, assistant secretary for cyber policy at the Department of Homeland Security. “While the opportunities are so incredibly rich […] I think we also have to recognize that we are creating a national dependency.”

Silvers also said that the government should be using its “convening power” to bring together the many disparate efforts to nail down IoT cybersecurity.

“This is an area that requires a multi-stakeholder approach,” said Corman.

Both DHS and the Food and Drug Administration are working on a set of guidance principals for IoT security that seek to engage the private sector.

“At DHS we are going to be issuing a set of strategic principles for IoT security in the coming months,” said Silvers, adding that is designed to not be overly prescriptive or technical but to provide executives with a security starting point.

FDA’s “Postmarket Management of Cybersecurity in Medical Devices” draft was issued in January 2016 and, according to Suzanne Schwartz, associate director for Science and Strategic Partnerships at the FDA, enables medical device developers to make cybersecurity updates to their devices without having to resubmit device applications to the FDA.

“We don’t want to be standing in the way of those changes happening,” said Schwartz.

“The Internet of Things is not a trend,” Silvers said. “It’s a full-blown phenomenon.

Read More About
More Topics
Jessie Bur
Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.