The Developing Innovation and Growing the Internet of Things Act, or the DIGIT Act, reintroduced in the Senate (S 88), and as HR 686 in the House, is legislation that would promote the internet of things (IoT) industry in the US, help define global interoperability standards and technology innovation, while encouraging a secure and interoperable Internet of Things (IoT).
A group comprised of federal and private-sector representatives would be created to work to identify the regulations or practices “inhibiting or that could inhibit the development of the Internet-of-Things.” That working group would also identify the policies that would “improve coordination among federal agencies with jurisdiction over the Internet-of-Things.”
Addressing one of the first initiatives of the legislation, which is to define the Internet of Thing, Mike Patterson, CEO of Plixer explained to Homeland Security Today that, “The very nature of the name ‘Internet of Things,’ demonstrates why the creation of a crisp definition will be difficult. The term IoT represents new ‘things’ that have IP addresses and are connected to the Internet. Distinguishing the devices that fall under new IoT regulations from the devices that have traditionally connected to the Internet, could prove challenging."
"However, supporting regulation that standardizes security and communication protocols for these new devices is the optimum solution," he said. "A collaborative approach including IoT manufacturers as well as the customers who use them, are needed to help mitigate security risks, including DDoS attacks. Beyond this, service providers should be stepping up to take part in solving this problem as well. Service providers can do this by implementing Best Current Practice 38 (BCP38) put forth by the Internet Engineering Taskforce (IETF). BCP38 basically mandates packets should not be allowed to come from a network that doesn’t originate from the assigned address space. This would have an immediate impact on DDoS attacks. In addition, standardization for communication and security protocols will allow the security communication to look for, and identify anomalous IoT device behavior.”
Both bills would require the Department of Commerce to convene a working group of federal stakeholders to provide recommendations and a report to Congress regarding the growing number of connected and interconnected devices known as IoT. The bill would establish a steering committee composed of stakeholders outside the federal government to advise the working group.
Pursuant to the legislation, the Federal Communications Commission (FCC) would be required to seek public comment on the IoT’s spectrum needs, regulatory barriers and growth with licensed and unlicensed spectrum; and to submit a summary of those comments to Congress.
According to the bills, the “Developing Innovation and Growing the Internet of Things Act estimates more than 50,000,000,000 devices will be connected to the Internet by the year 2020.
Consequently, the legislation states:
- The Internet of Things has the potential to generate trillions of dollars in new economic activity around the world;
- Businesses across the United States can develop new services and products, improve operations, simplify logistics, cut costs and pass savingson to consumers by utilizing the Internet of Things and related innovations;
- The United States leads the world in the development of technologies that support the Internet and the United States technology sector is well-positioned to lead in the development of technologies for the Internet of Things; and
- The United States government can implement this technology to better deliver services to the public.
The United States Senate unanimously passed Senate Resolution 110, 114th Congress, agreed to March 24, 2015, calling for a national strategy for the development of the Internet of Things.
The legislation states that, “It is the sense of Congress that policies governing the Internet of Things should maximize the potential and development of the Internet of Things to benefit all stakeholders, including businesses, governments and consumers, “ and, “consider any findings or recommendations made by the steering committee and, where appropriate, act to implement those recommendations; and examine how federal agencies can benefit from utilizing the Internet of Things; the use of Internet of Things technology by federal agencies as of the date the working group performs the examination; the preparedness and ability of Federal agencies to adopt Internet of Things technology in the future; and any additional security measures that federal agencies may need to take to safely and securely use the Internet of Things; and enhance the resiliency of federal systems against cyber threats to the Internet of Things.”
Established within the Department of Commerce, a steering committee would be established to advise the working group, whose duties would be to “advise the working group with regard to the identification of any federal regulations, statutes, grant practices, programs, budgetary or jurisdictional challenges and other sector-specific policies that are inhibiting or could inhibit the development of the Internet of Things; whether adequate spectrum is available to support the growing Internet of Things and what legal or regulatory barriers may exist to providing any spectrum needed in the future; policies or programs that promote or are related to the privacy of individuals who use or are affected by the Internet of Things; may enhance the security of the Internet of Things; may protect users of the Internet of Things; and may encourage coordination among federal agencies with jurisdiction over the Internet of Things.”