US Senate Looks To Impose IoT Security Standards With New Bill

The US Senate has introduced a new bill that seeks to create a set of minimum security standards for a range of Internet of Thing (IoT) devices purchased by the US government.

And it has the potential to affect a huge amount of tech, as the bill defines any IoT device as a physical object capable of connecting to the Internet, and one that has the processing capabilities, coupled with the ability to collect, send or receive data.

The move comes After the European Union last year pledged to push industry governance measures that would improve the security of Internet-connected devices. And experts have long said that cyber security needs to be at the forefront of the IoT push.

IoT Bill

The bill essentially wants to ensure that these types of devices (i.e routers, cameras, computers etc) used by any US federal agency using these of types are patched as soon as the security updates are available.

The Bill, according to security journalist Brian Krebs, also seeks to ensure that devices do not use hard-coded (unchangeable) passwords; and that vendors ensure the devices are free from known vulnerabilities when sold.

The bill is called the ‘IoT Cybersecurity Improvement Act of 2017‘, and it has the backing from across the political spectrum in the US, as it was introduced by Republican Senators Steve Daines and Cory Gardner, as well as Democrat senators Mark Warner and Ron Wyden.

The proposal directs the White House Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality.

And all government agencies have to compile an inventory of all Internet-connected devices in use by the agency.

Ongoing Concern

There has long been concern that professional cyber criminals for hire could attack IoT systems and critical infrastructure, like power grids, from across the internet at the behest of terrorist groups and nation states.

Last year the security threat posed by IoT was starkly illustrated when researchers at security firm Sucuri uncovered an unusual botnet made up entirely of Internet-connected CCTV cameras.

That incident recalled a similar case in 2015 when a security firm found a botnet made up of 900 CCTV cameras was launching an attack on an unnamed cloud services provider.

Quiz: Think you know all about Internet of Things?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago