House Communications Subcommittee Ponders How to Fix Mobile Devices' Cybersecurity
House Communications Subcommittee members agreed during a Tuesday hearing that more needs to be done to improve cybersecurity of wireless infrastructure and mobile devices. Political parties diverged on how government should be involved. Republicans touted importance of private industry driving the push for communications sector-wide cybersecurity improvements, while Democrats lamented the FCC's recently reduced cyber role. Symantec Senior Policy Counsel Bill Wright and other industry experts said mobile devices are an increasingly attractive target for hackers, and improvements to their cyber protections should become a top priority.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Chairman Marsha Blackburn, R-Tenn., was one of several Republicans who praised the power of public-private partnerships in encouraging cybersecurity risk management. She said there must be an “all-of-the-above approach when it comes to forging defensive measures.” Vice Chairman Leonard Lance, R-N.J., said it's “imperative" that mobile devices' cyber vulnerabilities “be addressed.” Government and the private sector need to “work together” on solutions to cybersecurity issues “without mandating” standards, he said.
Blackburn touted her Balancing the Rights of Web Surfers Equally​ and Responsibly (Browser) Act (HR-2520) in response to House Communications Democrats' criticisms of the Congressional Review Act resolution of disapproval to abolish FCC ISP privacy rules that President Donald Trump signed in early April (see 1704040059). The Browser Act aims to ensure the FTC regulates privacy for both ISPs and edge providers, on an opt-in basis, and pre-empts state laws (see 1705190053). “We would be happy to have [House Democrats] join us” in moving the Browser Act forward, Blackburn said. Her office has been seeking Democratic co-sponsors for the bill, which has four Republican co-sponsors (see 1706070050).
“We should be focused like a laser” on preventing cyberattacks but House Republicans' rollback of the FCC ISP privacy rules and other actions prevented meaningful progress this year, said ranking member Frank Pallone, D-N.J. “These games have to stop,” he said, saying he sees a need for a trio of bills aimed at requiring the FCC to strengthen its cybersecurity policies. The Cybersecurity Responsibility Act (HR-1335), Interagency Cybersecurity Cooperation Act (HR-1340) and Securing IoT Act (HR-1324) were seen as a direct response to FCC moves this year away from cybersecurity policymaking (see 1703020035). Rep. Anna Eshoo, D-Calif., again promised to reintroduce her 2015 Promoting Good Cyber Hygiene Act, which would direct the National Institute of Standards and Technology to work with the Department of Homeland Security and FTC to create voluntary best practices for network security. The bill would direct DHS to study cyberthreats for mobile devices (see 1510010061).
Policymakers must begin viewing smartphones and other mobile devices “as computers and we need to protect them as computers,” Symantec's Wright said. Mobile devices have become “an attack vector that cannot be ignored and they are increasingly targeted for access to sensitive information or financial gain,” said Liberty Group Ventures partner Kiersten Todt, who was the executive director of the former President Barack Obama-initiated Commission on Enhancing National Cybersecurity.
The federal government should pair a “bold, new” cybersecurity workforce strategy with a “modern approach” that focuses on proactively searching for unknown vulnerabilities, said cybersecurity firm Tenable CEO Amit Yoran. He urged the federal government to continue promoting the NIST Cybersecurity Framework because it's the “best place to begin the dialogue around IoT security.” Virginia Tech Hume Center for National Security and Technology Director Charles Clancy said improving IoT cybersecurity is difficult because connected devices often have limited cyber protections and little ability to receive post-purchase security patches.