Hey there! Thanks for joining me today for this quick bit. Let’s dive into cybersecurity + politics + law!
You may have heard of two things regarding IoT. One, that the IoT world is expanding exponentially, pervading into our personal and business lives. By 2020, there will be over 20 billion devices connected to the Internet. Smart home devices, smart cities, smart works- all controlled by devices and connected to the Internet. Some devices you buy in the future, you won’t even know at purchase that it is connected to the Internet- but it will be. (It’s inevitable!) However, the 2nd point is that the IoT world possesses many insecurities. Recently, hundreds of thousands of webcams and smart devices were hijacked, subsequently knowing Twitter, Spotify, and Paypal offline. Like Tech Insider quotes, “The Internet of Things is a massive security nightmare.” Now, US Lawmakers are presenting policy to make IoT more secure than we have seen it be.
Drafted with the help of technology experts from the Atlantic Council and Harvard University, A group of US Senators (Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden) has announced legislation seeking to address vulnerabilities in everyday IoT devices. The legislation proposes that
- Vendors give the US government Internet-connected equipment that ensures that the IoT device is patchable and conforming to industry security standards and policy.
- Vendors will then not be able to sell devices that possess known vulnerabilities
- Vendors will not be able to sell devices with passwords that cannot be reset from the factory settings.
- Federal agencies can purchase non-compliant devices if controls are apparent like network segmentation (meaning your device is separated from the rest of the network through a hub, router, switch, or repeater).
- Note: Only applies to vendors supplying to the US Government
The new legislation includes “reasonable security recommendations” that would be important to improve protection of federal government networks, said Ray O’Farrell, chief technology officer at cloud computing firm VMware.
Although this seems like a small step, it’s great to see movement in our lawmakers, acknowledging the vulnerabilities IoT poses and taking action step by step. Only if we have policy can we then layer in software engineering aspects, UX aspects, and utilities.
Hope this keeps you in the loop with policy in cyber.
Thanks for joining me, and as always, be a safe digital citizen.