This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-discussion] Proposed US legislation
- Previous message (by thread): [iot-discussion] Proposed US legislation
- Next message (by thread): [iot-discussion] Proposed US legislation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Richard Lamb
richard.lamb at icann.org
Mon Aug 7 22:33:58 CEST 2017
Love this discussion. Similar discussions going on on IEEE policy lists and at recent DEFCON/Blackhat. Id be the last one to say govt should get too involved (having worked inside before) but I have seen some encouraging efforts like those out of US Federal Trade Commission (FTC) in the form of funded contests for upgradeable IoT devices. ..and NIST/FISMA/OMB guidance on government procurement. Although the later seems a bit less effective that one may think given a continued lack of awareness re: DNSSEC (a requirement for USG procurement) with comments like …”hey I thought we didn’t need dnssec anymore…” Sigh… Thank you for this discussion. -Rick From: iot-discussion [mailto:iot-discussion-bounces at ripe.net] On Behalf Of Gordon Lennox Sent: Saturday, August 5, 2017 12:36 PM To: Patrik Fältström <paf at frobbit.se> Cc: iot-discussion at ripe.net Subject: Re: [iot-discussion] Proposed US legislation I agree. The US federal government buys a lot of kit and so may have an effect on the market. They also have a small set of bodies / agencies - OMB, Homeland Security, NIST - who can be tasked in this particular case. This is not the case in the EU. MS do the purchasing. But “trade” tends to mean "international trade" and that is “complicated". I think we are not there. I can expand if required. But briefly. Everybody - everybody! - has supplied kit with vulnerabilities. So it is cool to accept broken stuff from local - NA / EU - suppliers but say we will not buy any stuff from certain other countries? And anyway your smartphone was manufactured where exactly? ;-) Gordon On 4 Aug 2017, at 19:31, Patrik Fältström <paf at frobbit.se<mailto:paf at frobbit.se>> wrote: To comment on what Gordon wrote, I think the choice of saying for example "procured by the federal government" etc is simply because of what power the legislator have. In many MS of EU one could probably say "public sector" and not only federal level. But it may differ between MS. Regarding Europol, I think they only act as proxies between police in the various MS. They do not take action on their own. And regarding ENISA, well, we have the struggle between COM and ENISA and I personally think it would be COM that make statements. That said, this is most certainly much more a trade issue than IT or even security. So Gordon, who knows trade? paf -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/iot-wg/attachments/20170807/5b5f12d0/attachment.html>
- Previous message (by thread): [iot-discussion] Proposed US legislation
- Next message (by thread): [iot-discussion] Proposed US legislation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]