nextgov

So, who governs the Internet of things? Who ensures connected and self-driving cars don’t put their passengers in danger, that security cameras don’t relay video feeds of their users to third parties, or that data collected from billions of consumer devices can be used without compromising personal information? For now, it’s still not clear. Today, several agencies, including the Food and Drug Administration, the Federal Communications Commission, the Federal Trade Commission and the National Highway Traffic Security Administration have authority over some aspects of the Internet of things.

Experts say the regulatory framework isn’t well defined and that agencies will likely need to work together as cases arise that expose the potential downsides of widespread connectivity. As more IoT-related cases begin to test the regulatory framework, “the main thing that connects them is they’re going to have internet connectivity of some sort,” said Lee Tien, senior staff attorney at the Electronic Frontier Foundation. “Regulating a Fitbit is very different from regulating an automobile or regulating an implantable medical device like a defibrillator.” Here’s a look at some of the discussions federal groups are having about regulating the Internet of things.

[Commentary] A key function of government is to address citizen constituent needs. Fulfilling those needs requires implementing innovative and cost-effective services through the public sector’s digital transformation. The goal of citizen service is to provide faster, flexible and more responsive performance in critical mission programs. Partnering with the private sector has proven to be a good channel for innovation and helps deliver best commercial practices for agencies. This collaboration allows for fiscal accountability and provides a vehicle for efficient and fruitful programs.

In any vertical—health care, national security, transportation or education—a starting point for innovation can be in public/private partnering for citizen services. In commercial markets, the pressure is to win, maintain and expand market share while delighting customers with excellent customer service. This same level of pressure is on governments today with the goals of excellent response and effective resolution of any issue.

[Teresa A. Weipert is senior vice president of Sutherland Government Solutions.]

Agency chief information officers will need to get a better handle on their software license inventories and prepare to show savings to the Office of Management and Budget under a new law. Signed into law July 29, the Making Electronic Government Accountable By Yielding Tangible Efficiencies, or MEGABYTE, Act requires executive agency CIOs to develop a comprehensive software licensing policy in order to track spending on software, identify unused licenses and avoid duplication.

“There is considerable waste in software license expenditures, and implementation of the MEGABYTE Act will rectify this to the benefit of American taxpayers,” said Rep Matt Cartwright (D-PA) who sponsored the bill. The MEGABYTE Act requires CIOs to inventory 80 percent of software license spending and enterprise licenses, regularly track and maintain licenses, and embrace metrics such as software usage data to make cost-effective decisions. The act also requires CIOs to report financial savings or cost avoidance that results from software license management.

Collecting public comment on federal rules might get a little easier. An Environmental Protection Agency pilot lets citizens comment on specific paragraphs of proposed rules instead of submitting them via e-mail or in a separate text box. It might seem like a minor feature that should have existed before, but EPA is among the first to test drive it, according to a blog post from General Services Administration tech consultancy, 18F.

Since 2015, 18F and the Consumer Financial Protection Bureau have been gradually adding new features to the eRegulations system, an open source platform that hosts proposals online. EPA is trying out the comment feature on a rule that would lay out fees for groups using the agency's hazardous waste tracking system; interested parties can choose to comment on specific sections, such as the rule's "scope" or "preamble."

[Commentary] Power grids have proven to be vulnerable to cyber terrorists. Hackers interrupted a regional power supply abroad (in the Ukraine), and white hat hackers in the Midwest recently demonstrated there’s nothing special about our own grid that would protect our systems from the eventuality of a similar – and potentially much more damaging – fate. Those of us who make our bread and butter in the world of cyber defense have long warned of the possibility of cyberattacks that could threaten our critical infrastructure, our economy and our very way of life by extension.

In July, new legislation was introduced in the Senate to protect our electrical infrastructure from cyberattack. The Securing Energy Infrastructure Act proposes taking our industrial control systems offline in an effort to isolate them from insidious threats that can lurk in our always-on and always-connected networks. While this approach might be a bit unconventionally retro in nature, it is heartening to see members of Congress working with industry to think about new (and old) ways to address a very real and difficult challenge. But further thinking and action are needed on a global scale. By working with our allies and industrial partners across the globe to ensure information sharing about cyberthreats and attacks, we can do much to further secure our collective online existence. The consequences of oversleeping are far too great to consider ignoring the alarm for an extra nine minutes of peace.

[Jack Harrington is vice president of cybersecurity and special missions at Raytheon]

A global lack of cybersecurity talent could make nations more vulnerable to cyberattack, and governments aren't doing enough to fill that gap, a new report finds. About 33 percent of respondents to a recent survey — spanning eight nations — said a cyber skills shortage does “direct and measurable damage” to their organizations, according to a joint report compiled by Intel Security and Washington think tank the Center for Strategic and International Studies.

The majority, 76 percent, said they didn’t think their governments were doing enough to recruit a better workforce. The survey tapped hundreds of executives in various countries including the United States, the United Kingdom, France, Germany, Australia, Japan, Mexico and Israel. The scarcest skills overall were “intrusion detection, secure software development, and attack mitigation,” the report found. About 71 percent of respondents said that skills shortage makes them “more desirable hacking targets." The US cyber shortage appears to be less dire than that of Australia or Mexico. In those countries, almost 90 percent of respondents said there was a skills gap, compared to a little more than 80 percent of US respondents. Only about 70 percent of United Kingdom respondents reported a shortage.

Maybe it's time the Secret Service starts cracking down on the computer security of presidential candidates, in addition to their physical security, some private cyber investigators say, after a leak of Democratic party files right before the nomination of Hillary Clinton for president. "When you are running for president up and through [Republican National Committee] and DNC conventions, there are a lot of physical protections put in place for the potential president, however, on the cyber side we have not caught up in that world yet," said Tony Cole, global government chief technology officer for cyber forensics firm FireEye.

The Secret Service, in most situations, "does not secure the computer systems" of political organizations, nor does it "secure the computer systems of individuals, to include protectees," like major presidential candidates, according to a legal summary from the Secret Service. That said, Secret Service spokeswoman Nicole Mainor said that the agency "plays a significant law enforcement role in ensuring that candidates are aware of a range of vulnerabilities – ranging from physical protection to cybersecurity." She added, "The Secret Service continues to work vigorously with our local, state and federal partners to prevent and detect cyberthreats against the homeland, to include those against presidential candidates and their campaigns.”

Public spending on sensor technology might be up, but Internet of things enthusiasts shouldn’t get too excited about a futuristic, hyperconnected government. Without top-down strategies for using networks of devices and embedded sensors, federal adoption “will likely remain low,” a new report from the Center for Data Innovation suggests.

Other barriers include a lack of funding and general risk aversion in government buying. The technology is slowly gaining traction in the federal market — the government spent $8.8 billion on the Internet of things in fiscal 2015, up 20 percent from fiscal 2014, according to a report from big data and analytics firm Govini. It has also garnered congressional attention: A bipartisan group of senators last year passed a resolution calling for a national strategy for the internet of things that would outline how it could boost the domestic economy. But no federal agencies have their own broad plans for using that network, according to a report compiled by the Center for Data Innovation, a division of Washington think tank the Information Technology and Innovation Foundation. No agency, CDI found, "addresses how it will use the Internet of things in its strategic plan.”

Kevin Counihan has been named the first CEO of Healthcare.gov, which serves residents of states that opted not to create their own online insurance marketplaces.

Counihan was CEO of Connecticut’s health insurance exchange, which is one of the most successful state marketplaces and the first to exceed enrollment goals laid out in the health care law.

In his new role, Counihan will manage relationships with state exchanges and run an oversight center, HHS said. He will report to Marilyn Tavenner, the administrator of the Centers for Medicare and Medicaid Services, which oversees HealthCare.gov.

US courts are moving forward with a plan federal agencies say is needed to track down potential terrorists hiding out on the Internet but privacy advocates say would give the FBI wide latitude to hack into people's computers.

Two adjustments to the US Courts Committee on Rules of Practice and Procedure’s draft of search and seizure changes would expand the scope of the government's offensive cyber techniques. The public has until Feb 17, 2015, to weigh in.