A Republican chairman says he's open to a "certain level of regulation" on internet-connected devices to prevent a repeat of a recent major cyberattack.
But Rep. Greg Walden (Ore.) also said new cybersecurity rules might not be enough.
“While I'm not taking certain level of regulation off the table, the question is whether we need a more holistic approach," said Walden at a Wednesday joint hearing of the Energy and Commerce subcommittees on communications and technology, and commerce, manufacturing, and trade. Walden heads communications and technology.
"The United States cannot regulate the world. Standards applied to American-designed, American-manufactured or American-sold devices won't necessarily capture the millions of devices purchased by the billions of people around the world."
The hearing was a post-mortem of a cyberattack in October, where poorly secured internet-connected devices were hijacked in bulk and made to simultaneously flood the internet company Dyn.
Dyn operates the internet equivalent of a switchboard, routing web browsers to sites like Twitter and The New York Times. The company was hit with so much traffic it went down and took those websites with it for a short time.
The tool used to launch the Dyn attack is free and has been used by attackers against Russian banks and the network connecting the entire nation of Liberia to the internet.
Lawmakers recognized the vulnerability of internet-connected devices, but there was little consensus on what potential regulations to improve their security might look like.
Bruce Schneier, a security expert and Harvard fellow, argued that there might need to be a new agency to handle cybersecurity issues to ensure consistent standards across broad industries.
Both Walden and Rep. Anna Eshoo (Calif.), the panel's top Democrat, agreed that was unlikely with a new Republican Congress.
Rep. Jan Schakowsky (D-Ill.) called for the Federal Trade Commission to take a stronger role over device security, while also accusing Republicans of trying to gut the agency.
While lawmakers were divided on how to handle the problem, all agreed on the need to do more to prevent the cyberattacks from escalating.
“I'm not a regulatory fan,” said Schneier. “But this is a world of dangerous things. We regulate dangerous things."