The DIGIT Act has been reintroduced in the Senate. The legislation would promote the Internet of Things (IoT) industry in the US and help define global interoperability standards and technology innovation, while encouraging a secure and interoperable IoT. A group composed of federal and private-sector representatives would be created to identify the regulations or practices “inhibiting or that could inhibit the development of the Internet-of-Things.” That working group would also identify the policies that would “improve coordination among federal agencies with jurisdiction over the Internet-of-Things.” One of the first initiatives would be to define the Internet of Things. Mike Patterson, CEO at Plixer, commented below.
Mike Patterson, CEO at Plixer:
“The very nature of the name “Internet of Things” demonstrates why the creation of a crisp definition will be difficult. The term IoT represents new “things” that have IP addresses and are connected to the Internet. Distinguishing the devices that fall under new IoT regulations from the devices that have traditionally connected to the Internet could prove challenging. However, supporting regulation that standardizes security and communication protocols for these new devices is the optimum solution. A collaborative approach, including IoT manufacturers as well as the customers who use them, is needed to help mitigate security risks, including DDoS attacks. Beyond this, service providers should be stepping up to take part in solving this problem as well. Service providers can do this by implementing Best Current Practice 38 (BCP38), put forth by the Internet Engineering Task Force (IETF). BCP38 basically mandates packets should not be allowed to come from a network that doesn’t originate from the assigned address space. This would have an immediate impact on DDoS attacks. In addition, standardization for communication and security protocols will allow the security communication to look for and identify anomalous IoT device behavior.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.