Sen. Mark Warner (D-Va.) on Wednesday said he is working on legislation aimed at requiring that cyber security be built into Internet-connected systems and technologies that the federal government purchases.
Warner said generally he doesn’t think the U.S. is “prepared” with regard to cyber security posture given the range of successful hacks that are taking place against various targets in the country.
There are about 10 billion devices currently connected to the Internet worldwide and that number will grow to around 35 billion in the next four years as part of the Internet of Things (IoT), Warner said at a government forum hosted by the cyber security firm FireEye [FEYE].
“Virtually all of these devices…as they get smaller and more compact are built on interconnection and flexibility but nobody’s built in security into any of these devices,” Warner said. He added that cyber will be a “growth field” for information security companies and for jobs.
Warner said that at the federal level, when it comes to the purchase of Internet-connected devices, his legislation would require there be a way to patch them and “some ability to know that” there is bad software code in them.
‘We have to start building in security,” Warner said. “In many ways, we’re already way behind as we move into an ever more networked world.”
Warner is the vice chairman of the Senate Intelligence Committee. He also sits on the Banking, Housing & Urban Affairs, Budget, Finance, and Rules & Administration Committees.
Warner also said that data breach notification is an issue that requires attention. There are 48 different state laws here and no minimum threshold for data breach notification, he said, adding that every industry should be part of this.
If bill on full data breach notification can’t be agreed to, Warner said there should at least be a law requiring public companies to disclose data breaches to the Securities and Exchange Commission (SEC). He said it is “stunning” to him that Yahoo [YHOO] failed to file with the SEC that its database of users was hacked, saying this was a “material” event.
Warner also said Congress difficulty passing legislation related to cyber security because there are too many committees with jurisdiction over the issue. He said a lot of “dysfunction” in the Senate is based on committee jurisdiction, noting that nine different committees have held hearings on cyber security.
Warner said he and his Republican colleague Cory Gardner (Colo.) started the Senate Cyber Caucus to help work across jurisdictional boundaries.