The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 is proposed bipartisan legislation that was introduced on Tuesday, August 1 to ensure that IoT devices are as secure as possible, according to a press release from Sen. Mark Warner (D-VA).
Sens. Warner and Cory Gardner (R-CO), with co-chairs of the Senate Cybersecurity Caucus and with Sens. Ron Wyden (D-OR) and Steve Daines (R-MT) drafted this bill to ensure that any IoT devices that belong to the U.S. government and its citizens meets a number of security requirements.
This bill requires that vendors provide IoT services that are patchable, that are without any known security weaknesses, follow standard protocols, and don’t have hard-coded passwords that are impossible to change. If vulnerabilities in an IoT device are discovered, the device’s creator must disclose any problems and provide an explanation as to why their device is still secure even if it possesses these vulnerabilities.
There are IoT botnets lurking out in the open looking to take over unprotected IoT devices. One infamous instance of malware used to disrupt service is the Mirai botnet, which first revealed itself in 2016. Botnets—groups of computing devices that can be controlled from a single source—can be used to carry out distributed denial of services (DDoS) attacks, according to a report from Wired. Computers can be installed with anti-virus software to protect their contents, but there is no equivalent for routers or for webcams.
This proposed legislation should alleviate threats like Mirai, and is supported by a number of experts, including some from Harvard University, Mozilla, Symantec, TechFreedom and the Center for Democracy and Technology.
“The IoT Cybersecurity Improvement Act presents a reasonable mechanism to help prevent catastrophic attacks involving federal connected devices and encourage better security throughout the ecosystem,” said Austin Carson, executive director of TechFreedom.
Michelle Richardson, the deputy director of the Freedom, Security and Technology Project, Center for Democracy and Technology, said “we urgently need to start securing the Internet of Things, and starting with the government’s own devices is an important first step.”
It is expected that there will be 20 million IoT devices by 2020, and these devices will have amazing capabilities, but will be faced with security concerns.