- The House Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing and Trade held a joint hearing Wednesday to consider whether federal regulation is needed to ensure Internet of Things device security.
- The hearing revealed several challenges around managing IoT security, but not many solutions. One challenge is the fact that most IoT devices aren’t made in the U.S., so U.S.-based regulations would not be effective.
- Some lawmakers supported the development of an independent testing organization to oversee IoT security standards.
On Tuesday, the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) introduced IoT security recommendations. The NIST guidelines include processes for managing IoT devices from the supply phase to testing, while the DHS guidelines suggest ways to improve IoT device security as products are designed.
But both sets of guidelines are merely recommendations and do not come with consequences in the event that IoT devices are not properly secured. Until industry standards are both set and met, large-scale cyberattacks that employ compromised IoT devices will persist.
IoT devices have recently been used to launch massive DDoS attacks. In response, many organizations are now calling for more built-in security from manufacturers to ensure that malicious actors cannot harness devices for botnets.
The attack on Dyn last month utilized compromised digital video recorders and webcams. The revelation caused at least one manufacturer, Hangzhou Xiongmai Technology, to voluntarily recall its products.