The Information Technology Industry Council is maintaining its call for a voluntary approach as Canada, the United Kingdom and Europe all signal strict new cybersecurity requirements.
Testifying before the House Homeland Security Committee Wednesday, a key industry witness pressed lawmakers to rely on companies voluntarily including appropriate cybersecurity measures in their proliferation of emerging technologies while highlighting a need for global-policy synergy as allied jurisdictions have taken a more proactive approach.
“Policymakers should prioritize global harmonization and regulatory cooperation to support a voluntary, industry-driven consensus around core baseline capabilities for [internet of things] security that are grounded in global standards,” Rob Strayer, executive vice president for policy at the Information Technology Industry Council, wrote in testimony prepared for a hearing of the committee’s cybersecurity and innovation panel.
ITI echoes its suggested approach for the IoT space across emerging technologies more broadly. But while the trade association which represents the largest tech companies in the U.S. has long sought to avoid federal cybersecurity mandates, more allied governments—in the European Union, the United Kingdom and Canada—are moving forward with legislation laying out specific responsibilities for companies and measures like fines to enforce them.
“In general, the private sector has a strong market-based incentive to protect technology from compromise and misuse, as that is the expectation of business users and consumers,” Strayer wrote in his testimony. “The adoption of dynamic cybersecurity risk management practices and establishment of voluntary, industry-led, consensus-based cybersecurity standards have yielded tremendous capability enhancements for the protection of all digital technologies, including emerging technology, and improved their resilience.”
But weaknesses in the ecosystem of emerging technologies are far more visible than the improvements Strayer asserts, and skepticism of a purely market-based approach to securing foundational emerging technology has also taken hold in the highest levels of U.S. policy-making.
National Cyber Director Chris Inglis often promotes the United Kingdom’s approach to cybersecurity as a model for a successful domestic strategy. At a recent event—hosted by ITI—he said cybersecurity mandates for commercial information technology are undoubtedly on the way..