UPDATED 22:08 EDT / MARCH 12 2019

SECURITY

Proposed law would require minimum security standards for IoT devices

A bill presented to the U.S. Congress on Monday would enforce minimum security standards for “internet of things” devices purchased by the U.S. government.

The Internet of Things Cybersecurity Improvement Act of 2019 was introduced in the Senate by a bipartisan group of senators — Mark Warner, Cory Gardner, Maggie Hassan and Steve Daines — and representatives Robin Kelly and Will Hurd.

The bill, an updated version of a similar bill introduced in 2017 that failed to be adopted, would require the U.S. government to make sure that any devices it purchases meet minimum security requirements.

Under the proposed law, the National Institute of Standards and Technology would issue recommendations addressing the secure development, identity management, patching and configuration of IoT devices.

NIST would then direct the Office of Management and Budget to issue guidelines consistent with the NIST recommendations for each federal agency. At that point, federal agencies would be required to ensure that any internet-connected devices they purchase comply with the recommendations.

To sell their products to the government, IoT providers would be required to provide verification that their devices don’t contain any known security vulnerabilities, use industry standard technology and don’t have any fixed credentials.

In addition, so-called “behavioral requirements” would include notifying the government of any vulnerabilities as they are found as well as providing ongoing security support for the devices.

All this wouldn’t necessarily mean that all consumer devices would be safer, but the theory is that by forcing minimum security standards for the government purchases, a major purchaser of IoT devices, those minimum standards would flow on to consumers as well.

“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” Sen. Warner said in a statement. “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”

Image: 111692634@N04/Flickr

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.