(Image courtesy of Thinkstock).

New Bill Targets Common Sense Security for Internet of Things

Aug. 4, 2017
The Internet of Things Cybersecurity Improvement Act of 2017 would require devices to have patchable software and alterable passwords.

U.S. lawmakers unveiled a bill this week that, if passed, would set basic security standards for connected devices from wearables to environmental sensors purchased by federal agencies.

The bill, called the Internet of Things Cybersecurity Improvement Act of 2017, would require devices to have software that can be patched and passwords that can be altered before being sold to the U.S. government. Without such capabilities, experts warn, everything from internet routers to security cameras could be left open to digital threats.

The sponsors of the bill include Republican senators Cory Gardner and Steve Daines and Democratic senators Ron Wyden and Mark Warner, the co-chair of the Senate Cybersecurity Caucus. Last year, Warner also raised concerns to regulators about internet-connected toys recording conversations and collecting data from children.

The legislation comes almost a year after a malicious strain of code called Mirai recruited millions of webcams, routers, and other connected gadgets to attack servers that act like the internet’s infrastructure. The so-called Mirai botnet crippled websites in large parts of the United States, making for a spectacular display of the Internet of Things’ frailty.

For years, experts have warned that connected devices could be exposed without ways to patch their software or replace hard-coded passwords set at factories. That is particularly vital since sensors and other electronics could be deployed for decades, giving hackers ample time to, for example, steal personal information or take control of traffic lights.

Ray O’Farrell, chief technology officer of cloud computing firm VMware, said that the bill would provide “reasonable security recommendations” for federal agencies. The bill also requires that devices employ standard protocols and are not sold with known security vulnerabilities.

Drafted with input from experts from the Atlantic Council and Harvard, the bill would create legal protections for “good-faith” researchers who break into devices to uncover previously unknown security flaws. It would also introduce guidelines to report these vulnerabilities.

Under the bill, agencies would also have to keep an inventory of deployed Internet of Things devices. The Office of Management and Budget will also be tasked with laying out guidelines for simpler devices with “limited” software and processing power, which might include wireless sensors or identification tags.

While the legislation will provide companies with a set of guidelines, it does little to directly regulate security, said Jonathan Zittrain, a founder of Harvard University’s Berkman Klein Center for Internet and Society. But it could motivate companies eyeing sales to the government, which has a $95 billion technology war chest under President Donald Trump’s proposed budget for next year.

“This bill deftly uses the power of the Federal procurement market, rather than direct regulation, to encourage Internet-aware device makers to employ some basic security measures in their products,” Zittrain said in a statement. “This will help everyone in the marketplace.”
