[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3811 Introduced in House (IH)]

<DOC>






116th CONGRESS
  1st Session
                                H. R. 3811

 To direct the Secretary of Commerce to conduct a study and submit to 
 Congress a report on the processes of international standards-setting 
  with respect to internet-connected devices, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             July 17, 2019

Ms. Matsui (for herself and Mr. McCaul) introduced the following bill; 
         which was referred to the Committee on Foreign Affairs

_______________________________________________________________________

                                 A BILL


 
 To direct the Secretary of Commerce to conduct a study and submit to 
 Congress a report on the processes of international standards-setting 
  with respect to internet-connected devices, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``IoT Standards Leadership Act of 
2019''.

SEC. 2. SENSE OF CONGRESS.

    It is the sense of Congress that--
            (1) United States policy has allowed industry in the United 
        States to innovate and lead the global technology sector;
            (2) as governments have sought to use country-specific 
        standards to hinder the innovation and influence of United 
        States technology, the United States should demonstrate 
        leadership and be a vocal supporter of the open, voluntary, 
        consensus-based international standards system;
            (3) the United States should support multi-stakeholder 
        standards-development processes and robust involvement in 
        international standards-setting bodies and organizations with 
        respect to internet-connected devices (commonly known as the 
        ``Internet of Things'' or ``IoT'');
            (4) the United States should support standards that enable 
        interoperability among devices and systems and are country-
        agnostic and vendor-neutral;
            (5) the United States should maintain and foster United 
        States leadership in international standards-setting bodies and 
        organizations with respect to internet-connected devices;
            (6) the United States should work with governments and 
        nongovernmental stakeholders to deter the establishment of 
        government-driven, country-specific standards, which can be 
        detrimental to interoperability and security;
            (7) the convergence of traditional information technology 
        devices, networks, and systems with internet-connected devices, 
        networks, and systems, including consumer and industrial 
        internet-connected devices, networks, and systems, may create 
        cybersecurity and interoperability challenges, including cyber 
        exposure gap challenges, with respect to which United States 
        leadership in international standards-setting bodies and 
        organizations can lead to stronger protection of networks to 
        support the security of internet-connected devices; and
            (8) the United States should support standards-development 
        processes for internet-connected device security that focus on 
        prioritized, flexible, repeatable, performance-based, and cost-
        effective approaches to cyber hygiene and managing risk.

SEC. 3. STUDY AND REPORT.

    (a) Study.--The Secretary of Commerce shall conduct a study of the 
international standards-setting bodies and organizations that set 
standards with respect to internet-connected devices and of the 
appropriate means to ensure robust United States leadership in the 
processes of such bodies and organizations. In conducting the study, 
the Secretary shall assess--
            (1) the involvement of the United States in such processes;
            (2) efforts of countries to create country-specific 
        standards with respect to internet-connected devices that are 
        not aligned with international standards-setting processes and 
        international standards;
            (3) the progress, if any, that has been made in developing 
        international standards with respect to internet-connected 
        devices;
            (4) how to support consistent United States private and 
        public sector participation in such bodies and organizations; 
        and
            (5) the extent to which international standards for 
        internet-connected devices focus on prioritized, flexible, 
        repeatable, performance-based, and cost-effective approaches to 
        cyber hygiene and managing risk.
    (b) Report.--Not later than 180 days after the date of the 
enactment of this Act, the Secretary shall submit to the Committee on 
Energy and Commerce of the House of Representatives and the Committee 
on Commerce, Science, and Transportation of the Senate a report that 
contains--
            (1) the results of the study required by subsection (a);
            (2) recommendations to promote the leadership of the United 
        States and all relevant nongovernmental stakeholders in the 
        processes of international standards-setting bodies and 
        organizations for setting standards with respect to internet-
        connected devices; and
            (3) an assessment of whether and how the leadership of the 
        Secretary, working with governmental and nongovernmental 
        stakeholders, can--
                    (A) promote and strengthen international standards 
                with respect to internet-connected devices; and
                    (B) discourage the development of country-specific 
                standards with respect to internet-connected devices 
                that could hinder interoperability and security.

SEC. 4. DEFINITIONS.

    In this Act:
            (1) Cyber exposure gap.--The term ``cyber exposure gap'' 
        means the cybersecurity and vulnerability management challenges 
        organizations face in seeing and understanding cybersecurity 
        risk across the full range of internet-connected platforms of 
        such organizations, including information technology, internet-
        connected devices, operational technology, mobile, and cloud 
        computing platforms.
            (2) Internet-connected device.--The term ``internet-
        connected device'' means a physical object that--
                    (A) is capable of connecting to the internet, 
                either directly or indirectly through a network, to 
                communicate information;
                    (B) has computer-processing capabilities for 
                collecting, sending, receiving, or analyzing data; and
                    (C) is not a general-purpose computing device, 
                including a personal computing system or a smart mobile 
                communications device.
                                 <all>