Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congress Introduces Bill To Improve 'Internet of Things' Security (cnet.com)

Posted by msmash on from the better-security dept.

Members of the US Senate and House of Representatives introduced the Internet of Things Cybersecurity Improvement Act on Monday, hoping to bring legislative action to the emerging technology. From a report: Connected devices are expected to boom to 20.4 billion units by 2020, but they don't all have the same levels of security. Hackers often target IoT devices that don't have built-in security, leading to problems like default passwords and vulnerabilities that can't be fixed. [...] Lawmakers are looking to fix that with the bill, which would require a bare minimum of security standards for any IoT devices that the federal government uses. "While I'm excited about their life-changing potential, I'm also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security," Sen. Mark Warner, a Democrat from Virginia, said in a statement.

4 of 54 comments (clear)

  1. The "S" in "IoT" ... by kenwd0elq · · Score: 4, Informative

    The "S" in "IoT" stands for "Security". As in, there ain't none.

    Yes, having a default password already applied to all IoT devices would be a great idea, as long as the instructions on "HOW TO CHANGE THE DEFAULT PASSWORD" was printed in at least 24-point type. For appliances, the instructions should be printed on a sticker (same typeface) across the front of the device.

    Beyond that .... the users need to be afraid of IoT devices and be concerned that they could he hacked. Because they all will be.

    1. Re:The "S" in "IoT" ... by torstenvl · · Score: 4, Interesting

      The default password should be randomly generated and included as a sticker in the packaging, like when you buy a combination lock. That way each device will have a random, unique password from the start. You'd have to go out of your way to make it admin/admin.

  2. Re:Do you really think Congress will legislate thi by mentil · · Score: 5, Insightful

    Almost certainly this will be a checklist, like PCI DSS compliance for credit card processors. Just like it is there, it will ensure you have a lock on the door, the window is closed, and a fence is around the perimeter... but does nothing to ensure the fence isn't made from tissue paper or that there isn't a large gap in the wall right next to the door.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  3. Re:Do you really think Congress will legislate thi by supremebob · · Score: 3, Insightful

    Knowing the current state of Congress, they're require a third-party auditor to "certify" all new IoT products before allowing their sale in the US.

    The list of third-party auditors will probably closely match the list of corporate donors who sponsored the bill.

    I'm sure that the open source people will love jumping through this extra regulatory hoop and paying the required fees toll before getting their product on the market.