No vulns. No hardwired passwords. Patchable. Congress dreams of IoT: Impossible Online Tech
After years of warnings about the parlous state of Internet of Sh!t security, the US Senate has finally introduced legislation on the matter.
The Internet of Things Cybersecurity Improvement Act would require that IoT devices purchased by the American government must not have any known security vulnerabilities, must have the ability to be patched, and may not have hardcoded passwords built in. It mandates that every government department inventory all IoT devices on their networks.
“Information is a form of currency,” co-sponsor Senator Steve Daines (R‑MT) stated. “We need to have proper safeguards in place to ensure that our information is protected, while still encouraging innovation.”
The bill also directs Homeland Security to come up with a vulnerability disclosure program so that departments can get patched and updated. Another requirement says the Office of Management and Budget must come up with reasonable standards as to what IoT security should actually entail. Read more…