IoT security now has some influential eyes on it. Earlier this year, U.S. Senators Steve Daines, Cory Gardner, Mark Warner and Ron Wyden introduced the Internet of Things Cybersecurity Improvement Act of 2017, which seeks to set a baseline of security standards for IoT-enabled devices before they can be sold to federal agencies. It’s built on three mandates:
Then, in October, Senators Edward Markey and Ted Lieu introduced the Cyber Shield Act of 2017, which, according to the legislation, would create a “process for identifying, establishing, reporting on, adopting, maintaining and promoting compliance with the voluntary cybersecurity and data security benchmarks” for devices that receive or transmit data.
If passed, the Cyber Shield Act would require the assembly of a Cyber Shield Advisory Committee, which would have one year to create a construct for labels designed to identify devices that meet security standards.
Whether either bill passes – or whether or not they would be effective – is up for debate. What is clear is that IoT security is important enough to attract Congress’ attention, which gives the topic a certain level of gravitas. That said, it is something those in the industry have understood and have been concerned about for quite some time.
IoT security – whether it comes in the form of legislation or voluntary industry best practices – must be addressed because it is not going away. We believe the following actions deserve immediate attention to help make IoT-enabled devices more secure:
Interested in how you can make your IoT application more secure?