US Senate Looks To Impose IoT Security Standards With New Bill

The US Senate has introduced a new bill that seeks to create a set of minimum security standards for a range of Internet of Thing (IoT) devices purchased by the US government.

And it has the potential to affect a huge amount of tech, as the bill defines any IoT device as a physical object capable of connecting to the Internet, and one that has the processing capabilities, coupled with the ability to collect, send or receive data.

The move comes After the European Union last year pledged to push industry governance measures that would improve the security of Internet-connected devices. And experts have long said that cyber security needs to be at the forefront of the IoT push.

IoT Bill

The bill essentially wants to ensure that these types of devices (i.e routers, cameras, computers etc) used by any US federal agency using these of types are patched as soon as the security updates are available.

The Bill, according to security journalist Brian Krebs, also seeks to ensure that devices do not use hard-coded (unchangeable) passwords; and that vendors ensure the devices are free from known vulnerabilities when sold.

The bill is called the ‘IoT Cybersecurity Improvement Act of 2017‘, and it has the backing from across the political spectrum in the US, as it was introduced by Republican Senators Steve Daines and Cory Gardner, as well as Democrat senators Mark Warner and Ron Wyden.

The proposal directs the White House Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality.

And all government agencies have to compile an inventory of all Internet-connected devices in use by the agency.

Ongoing Concern

There has long been concern that professional cyber criminals for hire could attack IoT systems and critical infrastructure, like power grids, from across the internet at the behest of terrorist groups and nation states.

Last year the security threat posed by IoT was starkly illustrated when researchers at security firm Sucuri uncovered an unusual botnet made up entirely of Internet-connected CCTV cameras.

That incident recalled a similar case in 2015 when a security firm found a botnet made up of 900 CCTV cameras was launching an attack on an unnamed cloud services provider.

Quiz: Think you know all about Internet of Things?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

BNP Paribas Joins JP Morgan Blockchain Trading Network

French bank BNP Paribas becomes first European bank to join JP Morgan's blockchain-based Onyx Digital…

15 hours ago

SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

US securities regulators may have refrained from enforcement actions against Elon Musk due to discouraging…

15 hours ago

Snap Earnings Warning Triggers Tech Sell-Off

Investors spooked after Snap warns of deteriorating economic conditions, says earnings now 'below the low…

17 hours ago

Russian Operator Discounts Smartphones As Sanctions Bite

Biggest Russian mobile operator MTS begins selling discounted and second-hand smartphones as Russians hit by…

18 hours ago

Clearview AI Fined £7.5m Over Facial Recognition Data

UK Information Commissioner's Office orders controversial facial recognition firm Clearview AI to delete data it…

19 hours ago

Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

Airbnb to pull out of China as ongoing zero-Covid policy places severe restrictions on domestic…

20 hours ago