UPDATED 22:48 EDT / AUGUST 01 2017

New Senate bill proposes security standards for IoT devices

A newly introduced Senate bill would impose minimum standards on Internet of Things device makers that want to sell their products for government business.

The new bill, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, is being supported across party lines and would introduce certain minimum security requirements for IoT devices. Those include not using hard-coded passwords that can’t be changed and ensuring they are free of known security vulnerabilities and can be patched and upgraded if necessary.

All vendors looking to sell under U.S. government contracts would be required to comply with the security standards. But federal agencies will be able to request exemptions to the requirements, which would have to be justified and then approved by the Office of Management and Budget.

According to Reuters, Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden are sponsoring the legislation, which is said to have been drafted with input from technology experts at the Atlantic Council and Harvard University.

“We’re trying to take the lightest touch possible,” Warner told Reuters. He added, however, that the legislation was intended to remedy an “obvious market failure” that has left device manufacturers with little incentive to build with security in mind.

While attacks on IoT devices in general over the last 12 months have been cited, the “obvious market failure” of IoT devices came to public and government attention in October last year. A series of Distributed Denial of Service attacks targeted Dynamic Network Services Inc., a low-key domain name service hosting provider that does business under the name Dyn. The attack, which used IoT devices arranged into a botnet to attack the company, resulted in large swaths of popular sites being taken offline, including Twitter, Amazon.com, Reddit, Spotify and Etsy.

With some 50 billion IoT devices expected to be connected to the Internet by 2020, this bill goes some way toward addressing security concerns. On the one hand, the bill will not enforce basic security standards for all IoT devices, meaning that little may change.

But since the U.S. government is the single largest purchaser of goods and services in the world, IoT products included, the legislation may result in companies making sure all of their devices are compliant with government rules. That means those same devices will be more secure for enterprise and consumer customers as well.
