Legislating IoT in the Next Congress
November 11, 2016
On Wednesday, the House Energy and Commerce Committee announced a hearing to examine the cyberattacks that brought down the Domain Name System (DNS) provider Dyn last month, which resulted in widespread loss of service for some of the Internet’s most popular websites and platforms, including Twitter, Netflix, and Spotify. The hearing, scheduled for November 16, will be jointly held by Subcommittee on Communications and Technology, chaired by Rep. Greg Walden, and the Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Michael Burgess.
Critically, the joint hearing will mark the first time Congress holds a hearing to examine the role of the Internet of Things (IoT) may have played in the recent cyberattacks. It has been widely reported that a malware called Mirai infected and hijacked hundreds of thousands of connected devices- such as printers, smart TVs, and IP cameras – and turned them into botnets capable of executing distributed denial of service (DDoS) attacks. These infected devices reportedly sent over 1.2 trillion bits of data every second, overwhelming Dyn’s servers and making it the largest DDoS attack ever recorded. In a joint statement, the two chairmen of the Subcommittee stressed that “Americans should not have to worry that the convenience and connectivity of the Internet of Things comes at the expense of the resiliency and reliability of the larger Internet,” and that they hope the hearing will inform lawmakers about ”how cyberattacks are evolving and what can be done to mitigate future attacks and risks.”
The hearing announcement came on the heels of a letter, signed by five members of the Energy and Commerce Committee Democrats and issued last week, asking the committee majority to schedule a hearing on the recent cyberattacks. In that letter, the Democratic members, led by Ranking Member Frank Pallone, stated that “the expansion of technology and increasing connectivity of devices” make it imperative that lawmakers understand what had happened with the recent attacks as they could have “wide-sweeping effects not only on telecommunications and Internet regulation, but also on many other areas under the Committee’s jurisdiction.”
Indeed, as connected devices proliferate and IoT becomes increasingly integral aspects of our daily lives, wholesale examining of the risks and rewards brought about by the IoT economy will become necessary as to present a comprehensive view of this emerging ecosystem. Yet, as my colleague Megan Brown pointed out in a recent post, the emergence of IoT implicates a broad range of issues for the incoming Trump Administration , ranging from the availability of spectrum that enables connectivity, the robustness of infrastructure that can support the growing uses while withstanding physical and cyberattacks, to the ways personal privacy should be safeguarded and legal liabilities should be assigned in case a data breach occurs. Layer on the sector-specific concerns of a particular connected device’s application or services – be they healthcare monitoring, energy consumption management, or smart transportation – and we are looking at a regulatory and legislative morass that will extend far beyond the core competency of any specific agency or Congressional Committee.
To better exercise Congress’ oversight responsibilities concerning industry and agency responses to the proliferation of IoT, lawmakers could move beyond the jurisdictional turf wars that have always characterized Congressional activities on issues that span across multiple Congressional Committees by forming a special select committee dedicated to examine issues related to IoT. Similar to other Select Committees in the past, an IoT Select Committee will be foremost a forum to educate and inform lawmakers about this crucial sector. It will not have the authority to draft legislation, but will play an important role in coordinating Congressional responses and oversight on anything related to connected devices while working with other standing Committees to develop draft legislation if necessary. By moving away from the limitations imposed by Committee jurisdictions, an IoT Select Committee could help lawmakers paint a more comprehensive picture of the IoT ecosystem as Washington grapples with an increasingly Internet-enabled universe.
Congress is set to organize itself for the new session in the coming months, and some have suggested that a Trump Presidency will play a more deferential role to the expertise on Capitol Hill on many issue areas where President-elect Trump has yet to lay out a specific agenda or platform. IoT is an issue area where our lawmakers have the opportunity to get it right from the beginning. They can do so by recognizing the multi-sector, multi-jurisdictional nature of the IoT economy and organize accordingly.