Why This Matters: Securing computers is not enough in an age of connected devices.
Rep. Ro Khanna (D-Calif.) wants Congress to direct the Trump Administration to mandate internet of things (IoT) cybersecurity training for government workers, the latest indication that Washington is trying to figure out how to get ahead of an interconnected world where the entry points for bad actors will multiply exponentially.
Sen. Ed Markey (D-Mass.) reintroduced a bill that would create a voluntary IoT cybersecurity certification program.
These moves come as database firm statista.com estimates there will be some 75 billion connected devices worldwide within five years. Government employees have long been warned about securing their computers. But in that world, security concerns could extend to refrigerators, fitness devices, smart TVs and many more potential security vulnerabilities in the office and at home.
Khanna’s Internet of Things Cybersecurity Training for Federal Employees Act, introduced last week, would direct the Office of Management and Budget to mandate cybersecurity training for all federal employees, including the “unique” risks of IoT devices that range from smart watches and cars to toasters.
IoT security is drawing attention on both sides of the political aisle and the Capitol, driven by bipartisan support for overall online privacy (and security) legislation and by the growing impatience of Democrats unsatisfied with the current public-private partnership-slash-voluntary efforts approach toward what one senator has called the “internet of threats.”
Republicans, supported by consumer technology manufacturers, generally favor partnership between government and private industry, voluntary and flexible standards and incentivizing cybersecurity by design in devices and networks.
Democrats counter that what is needed are mandates and deadlines rather than what Markey called an IoT security “open-ended take-home exam.”