Yesterday the US Senate introduced legislation that would regulate the Internet of Things. Basically, anything with an IP address. The Internet of Things Cybersecurity Improvement Act would require that IoT devices purchased by the American government must not have any known security vulnerabilities, must have the ability to be patched, and may not have hardcoded passwords built in. It mandates that every government department inventory all IoT devices on their networks. The bill also directs Homeland Security to come up with a vulnerability disclosure program so that departments can get patched and updated. Another requirement says the Office of Management and Budget must come up with reasonable standards as to what IoT security should actually entail.
Now, I’ve been saying for a very long time that governments have to step in and regulate IoT devices if companies can’t build secure devices. However, I don’t think this will make any difference. Why? Two reasons come to mind.
- I question whether US Government agencies have the ability to come up with and update any standards as to what IoT security means. Though, they are free to prove me wrong on that point.
- The average consumer isn’t affected by this because this bill, if passed, only applies to government. Thus, you and I are still at the mercy of IoT vendors.
So, while this is a good start, I don’t think this is the solution that this problem needs. Maybe someday there will be a bill to regulate ALL IoT devices backed by standards that make sense and are enforceable. But until then, you and I will still have to worry about craptastic security in our IP cameras, robotic vacuums, and every other IoT device we own.
This entry was posted on August 2, 2017 at 7:50 am and is filed under Commentary with tags Security.
US Government Wants To Regulate IoT Devices…. Good Luck With That