On Tuesday, August 1st, 2017, a bipartisan bunch of Senators introduced abill that would address security and vulnerabilities in everyday objects that are connected to the Internet; and all of these devices together make up what’s called the “Internet of Things.”
The Internet of Things (from here on out referred to as “IoT”) has long been a conglomeration of serious security flaws that leave our personal and business data at risk.
Think smart refrigerators and internet-connected CCTV cameras aren’t a risk to us? TheMirai botnet attack last year that took down what seemed like half of the Internet was, indeed, simply a string of “dumb” internet connected devices that were hijacked by malware and used in unison to send so much traffic that it crashed much of the internet’s “backbone.”
This new bill, called the Internet of Things Cybersecurity Improvement Act of 2017, introduced yesterday, tries to address a few things. First are foremost, it would make vendors that supply the US government with internet connected equipment adhere to the current standards of security in industry. These same vendors would not be able to sell devices to the government that have passwords that cannot be changed, or devices that have known security flaws; and that would seem to be common sense (something not always common in government).
The second part of the bill gives better legal protections for cybersecurity researchers that hack into equipment at the behest of the manufacturers in order to find vulnerabilities and report back so a patch can be implemented.
Senators Cory Gardner, Steve Daines, Mark Warner, and Ron Wyden are the sponsors of said legislation, and this bill was drafted, in part, by cybersecurity experts at Harvard University and the Atlantic Council. The House is expected to follow suit.
Ray O’Farrell, CTO at VMware, a cloud computer firm, says that this bill proposes “reasonable security recommendations” that will prove to be important in protecting the federal government’s networks.
For years, cybersecurity experts have warned that the IoT was ballooning into this massive array of vulnerable devices that leave all of us in jeopardy, but as is typical, there was not much political will to get it addressed.
Household appliances and cars leaving us at risk is bad enough, so now imagine medical devices that are wireless, such as a pacemaker; or even an insulin pump. Those consequences could be literally fatal.
And it’s not like this Internet of Things is going away anytime soon. Every single day there are more and more of these devices coming online, and together they are not unlike a drone army that can be awaken and used for nefarious purposes.
Researchers have estimated that the IoT could reach between 20 - 30 billion devices by 2020. That is a mind-boggling amount of vulnerability.
Thankfully, a handful of Senators reached across the aisle in order to get something accomplished that will help us all.
Comments will be approved before showing up.