A new bill, the Internet of Things Cybersecurity Improvement Act of 2017, has been proposed to improve the cybersecurity of the Internet of Things (IoT) in government. Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, applauds the effort, saying the legislation “is a good first step in securing the Internet of Things and U.S. government systems in particular.”
While the proposal doesn’t go nearly far enough to make a meaningful impact on IoT device security, it does offer some common-sense guidelines for tougher industry standards. As Weaver states in his article, focusing only on government may also allow this bill to make an impact more quickly.
Requiring support for security patches and banning devices with fixed passwords or using default passwords that must be changed in the field are entry-level security measures that the government can easily enforce.
Commercial IoT device manufacturers who want to sell to the government will use these basic security features to create the baseline that non-government customers can expect to receive as well.
Read Weaver’s article here for a full breakdown of the proposed bill and his insights on what else could be added to make it more effective.