UPDATED 22:08 EDT / MARCH 12 2019

SECURITY

Proposed law would require minimum security standards for IoT devices

A bill presented to the U.S. Congress on Monday would enforce minimum security standards for “internet of things” devices purchased by the U.S. government.

The Internet of Things Cybersecurity Improvement Act of 2019 was introduced in the Senate by a bipartisan group of senators — Mark Warner, Cory Gardner, Maggie Hassan and Steve Daines — and representatives Robin Kelly and Will Hurd.

The bill, an updated version of a similar bill introduced in 2017 that failed to be adopted, would require the U.S. government to make sure that any devices it purchases meet minimum security requirements.

Under the proposed law, the National Institute of Standards and Technology would issue recommendations addressing the secure development, identity management, patching and configuration of IoT devices.

NIST would then direct the Office of Management and Budget to issue guidelines consistent with the NIST recommendations for each federal agency. At that point, federal agencies would be required to ensure that any internet-connected devices they purchase comply with the recommendations.

To sell their products to the government, IoT providers would be required to provide verification that their devices don’t contain any known security vulnerabilities, use industry-standard technology and don’t have any fixed credentials.

In addition, so-called “behavioral requirements” would include notifying the government of any vulnerabilities as they are found as well as providing ongoing security support for the devices.

All this wouldn’t necessarily mean that all consumer devices would be safer, but the theory is that by forcing minimum security standards on purchases by the government, a major purchaser of IoT devices, those minimum standards would flow on to consumers as well.

“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” Sen. Warner said in a statement. “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”

Image: 111692634@N04/Flickr
