The bipartisan Internet of Things Cybersecurity Improvement Act of 2017 would strengthen security standards for IoT devices sold to the government.
A group of U.S. senators announced they plan to introduce a bill designed to address security issues in IoT devices. Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden are sponsoring the legislation, which was written with the help of experts from Harvard University and the Atlantic Council. A Senate aide told Reuters a companion bill would be introduced in the House at a later date.
“As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure from malicious cyber-attacks,” said Sen. Cory Gardner, (R-Colo),.“This bipartisan, commonsense legislation will ensure the federal government leads by example and purchases devices that meet basic requirements to prevent hackers from penetrating our government systems without halting the life-changing innovations that continue to develop in the IoT space.”
IoT Security for government work
The bill, dubbed The Internet of Things Cybersecurity Improvement Act of 2017, would require vendors that sell IoT devices to the government ensure those devices conform to industry security standards and are upgradable and patchable. It also bars them from using hard-coded passwords that cannot be changed.
[ Related: Consumers Want Security Built into IoT Devices ]
It provides language that would allow federal agencies to purchase non-compliant devices only if controls such as network segmentation, are in place, and would expand legal protections for so-called “white hat” researchers who hack equipment to find vulnerabilities to assist manufacturers in creating patches for them.
“We’re trying to take the lightest touch possible,” Sen Warner (D-VA) told Reuters. He added that the legislation was intended to remedy an “obvious market failure” that has left device manufacturers with little incentive to build with security in mind.