US Senate Looks To Impose IoT Security Standards With New Bill

The US Senate has introduced a new bill that seeks to create a set of minimum security standards for a range of Internet of Thing (IoT) devices purchased by the US government.

And it has the potential to affect a huge amount of tech, as the bill defines any IoT device as a physical object capable of connecting to the Internet, and one that has the processing capabilities, coupled with the ability to collect, send or receive data.

The move comes After the European Union last year pledged to push industry governance measures that would improve the security of Internet-connected devices. And experts have long said that cyber security needs to be at the forefront of the IoT push.

IoT Bill

The bill essentially wants to ensure that these types of devices (i.e routers, cameras, computers etc) used by any US federal agency using these of types are patched as soon as the security updates are available.

The Bill, according to security journalist Brian Krebs, also seeks to ensure that devices do not use hard-coded (unchangeable) passwords; and that vendors ensure the devices are free from known vulnerabilities when sold.

The bill is called the ‘IoT Cybersecurity Improvement Act of 2017‘, and it has the backing from across the political spectrum in the US, as it was introduced by Republican Senators Steve Daines and Cory Gardner, as well as Democrat senators Mark Warner and Ron Wyden.

The proposal directs the White House Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality.

And all government agencies have to compile an inventory of all Internet-connected devices in use by the agency.

Ongoing Concern

There has long been concern that professional cyber criminals for hire could attack IoT systems and critical infrastructure, like power grids, from across the internet at the behest of terrorist groups and nation states.

Last year the security threat posed by IoT was starkly illustrated when researchers at security firm Sucuri uncovered an unusual botnet made up entirely of Internet-connected CCTV cameras.

That incident recalled a similar case in 2015 when a security firm found a botnet made up of 900 CCTV cameras was launching an attack on an unnamed cloud services provider.

Quiz: Think you know all about Internet of Things?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

5 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

5 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

5 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

6 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

6 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

7 hours ago