US Senate Looks To Impose IoT Security Standards With New Bill

The US Senate has introduced a new bill that seeks to create a set of minimum security standards for a range of Internet of Thing (IoT) devices purchased by the US government.

And it has the potential to affect a huge amount of tech, as the bill defines any IoT device as a physical object capable of connecting to the Internet, and one that has the processing capabilities, coupled with the ability to collect, send or receive data.

The move comes After the European Union last year pledged to push industry governance measures that would improve the security of Internet-connected devices. And experts have long said that cyber security needs to be at the forefront of the IoT push.

IoT Bill

The bill essentially wants to ensure that these types of devices (i.e routers, cameras, computers etc) used by any US federal agency using these of types are patched as soon as the security updates are available.

The Bill, according to security journalist Brian Krebs, also seeks to ensure that devices do not use hard-coded (unchangeable) passwords; and that vendors ensure the devices are free from known vulnerabilities when sold.

The bill is called the ‘IoT Cybersecurity Improvement Act of 2017‘, and it has the backing from across the political spectrum in the US, as it was introduced by Republican Senators Steve Daines and Cory Gardner, as well as Democrat senators Mark Warner and Ron Wyden.

The proposal directs the White House Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality.

And all government agencies have to compile an inventory of all Internet-connected devices in use by the agency.

Ongoing Concern

There has long been concern that professional cyber criminals for hire could attack IoT systems and critical infrastructure, like power grids, from across the internet at the behest of terrorist groups and nation states.

Last year the security threat posed by IoT was starkly illustrated when researchers at security firm Sucuri uncovered an unusual botnet made up entirely of Internet-connected CCTV cameras.

That incident recalled a similar case in 2015 when a security firm found a botnet made up of 900 CCTV cameras was launching an attack on an unnamed cloud services provider.

Quiz: Think you know all about Internet of Things?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

13 hours ago