IoT Security: U.S. Government Doubles Down With New Bill
The Internet of Things (IoT) offers an incredible opportunity to connect the power of the web with otherwise isolated infrastructure. But as with any connected device, the presence of the internet opens up substantial opportunity for malware.
To tackle IoT security, U.S. Senators Mark Warner, Ron Wyden, Cory Gardner and Steve Daines have sponsored a new bill that sets ground rules for government use of IoT, TechRepublic reports.
Hot on the heels of distributed denial-of-service attacks such as the one on Dyn, which used the Mirai botnet powered by IoT devices, the new bill includes strict guidelines and precautions to protect government entities. Under the legislation, devices from all vendors of government IoT deployments must:
- Not contain any known hardware, software or firmware vulnerabilities.
- Be capable of software or firmware updates from the vendor.
- Use only industry-standard protocols and technology.
- Not include hard-coded or otherwise fixed credentials for remote administration, updates or communication.
Although the bill’s scope is limited to government vendors, it introduces some important IoT security checkpoints that just about any organization would do well to incorporate. And because government entities are a prime target for cybercrime, the legislation marks important progress for national security.
But while these new rules lay the groundwork for IoT security, they’re neither comprehensive nor immutable. The bill contains provisions for activities like white-hat research, which would not necessarily be subject to the same standards. If anything, this legislation is good news for government cybersecurity and a useful example of proactive policy in an ever-changing tech landscape. With some 20 billion IoT devices predicted to flood the market by 2020, according to Gartner, now is the time to invest in keeping them secure.