House subcommittees hold joint hearing on cybersecurity and IoT devices

The House Subcommittee on Communications and Technology and the House Subcommittee on Commerce, Manufacturing and Trade held a joint hearing on Wednesday that examined the recent distributed denial-of-service (DDoS) on Internet of Things (IoT) connected devices.

On Oct. 21, hackers infiltrated the servers of the internet routing company Dyn Inc. that hosts the domains of many popular U.S.-based websites including Netflix, Twitter and Facebook.

The committees estimate that approximately 50 billion devices will be connected to the internet by 2020, which increases the risk of more attacks.

“Bad actors are increasingly attracted to IoT devices since they can use those devices without being detected for long periods of time, they know most devices will not be monitored or updated, and they know there are no endpoint protection capabilities on IoT devices to remove threats,” Dale Drew, senior vice president and CSO at Level 3 Communications, said.

“Network operators, device manufacturers and users will need to remain vigilant to the security risk these devices present,” he added.

A major point of emphasis made by Communications and Technology Subcommittee Chair U.S. Rep. Greg Walden (R-OR) was how Congress could draft legislation that increases cybersecurity standards but doesn’t limit innovation in the technology and software sectors.

“There are ways you can do this effectively without stifling innovation,” Kevin Fu, CEO of Virta Labs, said. “In fact, I believe a well-designed cyber security framework will actually promote innovation. There is no perfect standard but it will be very difficult to build in security if we don’t have these principles set in place.”

Fu said any framework needs to have the support of both industry and government.