U.S. to legally bind IoT vendors to take security seriously
After the E.U. announced plans to enforce new data protection regulations, a bipartisan group of U.S. senators has now announced plans to pass a law that will legally bind IoT makers to tighten the security around their products.
The Internet of Things (IoT) is shaping up to become a quintessential part of the not-too-distant future, with tens of billions of devices estimated to start shipping annually from 2020 onwards. Experts believe the proliferation of Internet-connected devices will make for a fertile ground for cybercrime. And if last year’s DDoS attack on Dyn was any indication, those experts are onto something.
The United States now plans to introduce a bill “To provide minimal cybersecurity operational standards for Internet-connected devices purchased by Federal agencies, and for other purposes.”
Sponsoring the legislation are Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden, aided by technology experts at the Atlantic Council and Harvard University, as well as a member of the Senate who got down to the nitty-gritty and wrote the bill, Reuters reports.
The new law promises to incent hackers to expose vulnerabilities in flawed devices, while at the same time providing legal ground for pushing vendors into ensuring that their Internet-connected equipment is patchable. Additionally, the bill seeks to prohibit vendors from selling devices with unchangeable passwords, or worse, that have known vulnerabilities.
“We’re trying to take the lightest touch possible,” said Mark Warner.
In May 2018, the European Union is set to introduce the General Data Protection Regulation (GDPR), a new law that will legally force organizations that process personally identifiable information to ensure the safety of that data for every EU resident.
A recent example of why the IoT space must be regulated more tightly is the $1,500 smart gun that can be hacked to allow anyone to fire it without authorization. A hacker using the pseudonym Plore demonstrated how the pistol – which requires the user to wear an accompanying smart-watch for authentication – can be made to fire without the watch present, by having cheap magnets placed in a certain spot on the gun.