Dive Brief:
- A bipartisan group of senators has proposed a law to secure the Internet of Things, placing the onus on manufacturers to adequately secure internet-connected devices. U.S. Senators Mark Warner, D-VA, and Cory Gardner, R-CO, co-chairs of the Senate Cybersecurity Caucus, have teamed with Sens. Ron Wyden, D-OR, and Steve Daines, R-MT, on the legislation, according to an announcement.
- Under the proposed IoT Cybersecurity Improvement Act of 2017, vendors supplying IoT devices to the U.S. government would have to certify that the devices do not ship with hard-coded passwords, can be patched to fix newly discovered flaws, and are free of known security vulnerabilities at the time of sale. It would also require executive agencies to inventory all IoT devices in use.
- The legislation also emphasizes the need for more security research, directing the creation of "coordinated vulnerability disclosure policies" for federal contractors supplying devices to the government. It would also shield cybersecurity researchers acting in good faith from liability for testing those devices.
Dive Insight:
The senators are on to something in their efforts to secure the IoT. But the effort falls short of creating the U.S.-wide standards needed to actually protect against compromised IoT devices. The legislation is limited to the government procurement process and does not touch the security of the publicly available IoT devices installed by businesses and consumers.
Gartner predicts an estimated 8.4 billion IoT devices will be in use globally this year. By 2020, that number could reach 20.4 billion. Security, however, remains IoT's Achilles' heel. Manufacturers focus more on functionality than security, shipping devices with default credentials and no update path and leaving them exposed to exploitation.
The legislation is in part a reaction to the major DDoS attack of October 2016, which highlighted how dependent the internet is on a handful of infrastructure providers and how easily unsecured IoT devices can be conscripted into botnets. The attack on DNS provider Dyn was driven by the Mirai botnet of compromised IoT devices (Dyn initially reported tens of millions of source IP addresses, later revising its estimate to roughly 100,000 malicious endpoints), and it knocked major sites that relied on Dyn's DNS offline for hours.
So while the IoT legislation would raise the bar for devices bought by government agencies, it does little to address the lax security of devices already deployed elsewhere. Attackers may not be able to recruit government devices into a botnet, but they have millions of other easily compromised devices to draw on.
Innovation in tech consistently moves faster than legislation, and cybersecurity shortcomings are a result of that gap. Efforts to secure devices and mandate industry-standard security practices come too late, often as a reaction to a crippling cyberattack. Until legislation moves to prevent security shortcomings before devices ship, large-scale cyberattacks will persist.