This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[iot-discussion] Proposed US legislation
- Previous message (by thread): [iot-discussion] Proposed US legislation
- Next message (by thread): [iot-discussion] Proposed US legislation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Patrik Fältström
paf at frobbit.se
Fri Aug 4 19:31:22 CEST 2017
To comment on what Gordon wrote, I think the choice of saying for example "procured by the federal government" etc is simply because of what power the legislator have. In many MS of EU one could probably say "public sector" and not only federal level. But it may differ between MS. Regarding Europol, I think they only act as proxies between police in the various MS. They do not take action on their own. And regarding ENISA, well, we have the struggle between COM and ENISA and I personally think it would be COM that make statements. That said, this is most certainly much more a trade issue than IT or even security. So Gordon, who knows trade? paf On 4 Aug 2017, at 16:26, Marco Hogewoning wrote: > I would assume Europol's role is limited up to the point it turns into criminal acts that warrant investigation and prosecution. > > From a European perspective I assume this would mostly fit ENISA's mandate in respect to (critical) infrastructure stability. > > Groet, > > MarcoH > -- > Sent from a small touch screen, apologies for typos > >> On 4 Aug 2017, at 16:03, Michael Oghia <mike.oghia at gmail.com> wrote: >> >> Hi Gordon, >> >> Based on this points, I think it's a very prudent and reasonable piece of policy. I suppose the relevant institutions within the EU would be the European Commission and perhaps Europol. >> >> Best, >> -Michael >> __________________ >> >> Michael J. Oghia >> Independent #netgov consultant & editor >> >> Belgrade, Serbia >> Skype: mikeoghia >> Twitter | LinkedIn >> >>> On Fri, Aug 4, 2017 at 4:00 PM, Gordon Lennox <gordon.lennox.13 at gmail.com> wrote: >>> "Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017 would: >>> >>> Require vendors of Internet-connected devices purchased by the federal government ensure their devices are patchable, rely on industry standard protocols, do not use hard-coded passwords, and do not contain any known security vulnerabilities. >>> Direct the Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality. >>> Direct the Department of Homeland Security’s National Protection and Programs Directorate to issue guidelines regarding cybersecurity coordinated vulnerability disclosure policies to be required by contractors providing connected devices to the U.S. Government. >>> Exempt cybersecurity researchers engaging in good-faith research from liability under the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when in engaged in research pursuant to adopted coordinated vulnerability disclosure guidelines. >>> Require each executive agency to inventory all Internet-connected devices in use by the agency." >>> https://www.warner.senate.gov/public/index.cfm/pressreleases?id=06A5E941-FBC3-4A63-B9B4-523E18DADB36 >>> >>> The legislation does not try and define “things” and instead uses the term “Internet-connected devices”. I think this is a good approach. >>> >>> It is though limited to devices purchased by the Federal government and so does not include devices bought by companies and/or consumers. >>> >>> Various US agencies are seen as having a role. Which would be the equivalent agencies in the EU? >>> >>> Gordon >>> >>> >>> _______________________________________________ >>> iot-discussion mailing list >>> iot-discussion at ripe.net >>> https://lists.ripe.net/mailman/listinfo/iot-discussion >>> >> >> _______________________________________________ >> iot-discussion mailing list >> iot-discussion at ripe.net >> https://lists.ripe.net/mailman/listinfo/iot-discussion > > _______________________________________________ > iot-discussion mailing list > iot-discussion at ripe.net > https://lists.ripe.net/mailman/listinfo/iot-discussion -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 203 bytes Desc: OpenPGP digital signature URL: </ripe/mail/archives/iot-wg/attachments/20170804/6ac10c49/attachment.sig>
- Previous message (by thread): [iot-discussion] Proposed US legislation
- Next message (by thread): [iot-discussion] Proposed US legislation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]