NTIA Summarizes Stakeholder Comments on IoT Security & Automated Threats

September 25, 2017

On September 18, the National Telecommunications and Information Administration (NTIA) released a report on Internet of Things (IoT) security, botnets, DDoS attacks, and other cyber threats. The Report of Responses to NTIA’s Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats, documents the overall themes of responses from 47 commenters. The full report can be found here.

Comments, filed in response to NTIA’s June 2017 Request for Comments, were provided by a variety of large trade associations, major internet and technology companies, security researchers, policy groups, and academia. Commenters recognized that addressing the risks posed by distributed and automated attacks “are global, by their nature, and require international cooperation to work toward solutions. International standards and best practices will be necessary to achieve an effective global approach, rather than country-specific standards and regulations that could impose unnecessary costs and slow innovation.”

While stakeholders “resoundingly endorse voluntary, consensus-based industry- and community-led processes…a notable number of commenters viewed the lack of existing security and market incentives as requiring more active policy interventions.”

Commenters highlighted that addressing these risks is a shared responsibility across the digital ecosystem, with some industry actors providing examples of innovation to secure devices across the Internet of Things (IoT). Some stakeholder feedback underscores—that unlike voluntary best practices—specific regulatory regimes cannot provide the necessary flexibility to a market with extremely diverse security needs. Others argued, however, that not every company has adopted a risk-based mindset and a lack of market incentives to promote good security practices means the government may need to step in to implement best practices through regulation.

The comments were collected as part of the review required by President Trump’s Cybersecurity Executive Order. This review calls for “an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g. botnets).” As a continuation of this process, NTIA has stated it welcomes additional stakeholder feedback and plans to release a draft report for public comment in January 2018, with a final report due to the President in May 2018. 

Tags

Wiley Connect

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek