While many Americans were leaving on their 2017 summer vacation, the U.S. Government issued a request for comments on how to limit DDoS and other automated attacks typically linked to the IoT.
And lawyers for Google, Microsoft, and many other companies you know (they may be your security vendors) were busy responding to the National Telecommunications and Information Administration.
Google and Microsoft both revealed specifics on best practices for securing the IoT, battling bad bots and limiting automated attacks. And each suggested a direction for policies the U.S. Government should consider.
These comments are no longer made in some sort of Washington D.C. vacuum, never to be seen again.
Instead, they are readable in PDF through the Report on Responses (a summary) to NTIA’s "Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats” (specific comments, listed by company and organization).
Excerpt: Google on Securing the IoT
"IoT, in particular, spans an enormous range of ecologies, each with its own 7 individualized security needs. The security measures appropriate for the electrical grid, for example, are vastly different from those appropriate for a connected toaster or a wearable fitness tracker. Nest and Google respectfully recommend that NTIA and other U.S. Government actors consider these variations in context, and the balance of this comment is focused on technologies developed for residential use." Danielle Osler Public Policy & Government Relations Counsel, Google
Excerpt: Microsoft on Securing the IoT
"Microsoft believes it remains important for the government to support the public-private partnerships that are currently working to mitigate the impact of botnets, take steps to encourage more cooperation, and advocate that industry stakeholders should adopt a defense-in-depth strategy designed to address the threats posed by botnets on multiple fronts." Tom Burt Vice President and Deputy General Counsel Corporate, External, and Legal Affairs, Microsoft
These comments will go together with those from a NIST workshop on this topic.
Says the NTIA, "A draft of the report is scheduled to be released for public comment on January 5, 2018. After the conclusion of a 30-day comment period, a workshop will be held to discuss the plan of action and the final report."
That final report is due on the President's desk by May 11, 2018.
