This week, four senators across party lines proposed the Internet of Things Cybersecurity Improvement Act of 2017. The bill mandates a minimum security level for internet-connected devices that are sold to and used by the federal government. It has gained support from Mozilla, the creator of the internet browser Firefox, and the Berklett Cybersecurity Project at Harvard University, among other leaders in the cyber industry.
Currently, there are numerous devices that use the internet to function. Examples include common technology like smartphones, computers and tablets but also include new technology such as smart thermostats, baby monitors and wearables. The newer devices can be hacked just like a computer, granting cyber criminals access to personal data. Trends show there could be as many as 20 billion of these devices actively being used by consumers within five years.
“The internet of things landscape continues to expand …. As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure from malicious cyber attacks,” said Cory Gardner, a Colorado senator who proposed the bill.
As the number and variety of devices grow, the need for better security measures grows, too. Last October, hackers were able to take down major websites like Spotify, Twitter and The New York Times through these IoT devices. In such attacks, it’s possible for hackers to gain access to demographic data or even communicate directly with users without their knowledge.
The federal government hopes that such a bill would increase cybersecurity by protecting devices in three critical ways:
- Requiring such devices be patchable, which would allow for fixing any security weaknesses as they become known.
- Requiring devices come without hard-coded passwords that can’t be changed. These hard-coded passwords are typically general and easy to guess, which presents obvious vulnerabilities.
- Protecting contracted firms hired to research potential device weaknesses from the Computer Fraud and Abuse Act, which was passed to catch hackers, as long as the policies laid out in the new bill are strictly followed.
Though the bill doesn’t do much to ensure an increase in cybersecurity for consumers in the immediate sense, it’s an important step forward in enhancing basic protections of national security. Legislators are hoping that passage of the bill may lead to the development of a standard for businesses of all sizes and industries, eventually trickling down into products used throughout American homes.
In the meantime, it’s up to individual businesses to pursue measures that will keep their devices and data secure. For information on how to implement a tailored version of this standard in your organization, contact us at info@techorchard.com.
