US Senators Intro IoT Security Bill
Four US senators yesterday introduced a bipartisan bill designed to improve baseline security for all IoT devices bought and used by the government.
The Internet of Things Cybersecurity Improvement Act aims to ensure that products can be patched, don’t include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities, amongst other requirements.
It was drafted with help from cybersecurity experts at thinktank the Atlantic Council and Harvard University and features endorsements from the likes of Mozilla, Neustar and VMware.
The infamous Mirai attacks of last year, one of which managed to take out some of the biggest sites on the web for a brief time, were made possible because the malware simply scanned for the default log-ins that so many IoT devices ship with.
Interestingly, the proposed legislation also provides legal protections to researchers looking to hack IoT products to find vulnerabilities; from the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act. Read more…