This article originally appeared on Architectural Lighting.
A bipartisan group of U.S. senators including Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR), and Steve Daines (R-MT) have announced plans to introduce the Cybersecurity Improvement Act of 2017, which calls for improved security through increased regulation of internet-connected devices—the number of which could exceed 20 billion by 2020.
“The Internet of Things (IoT) landscape continues to expand, with most experts expecting tens of billions of devices operating on our networks within the next several years,” Gardner said in a press release. “As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure from malicious cyber-attacks.”
As proposed, the legislation would require all vendors who sell devices to federal government agencies to supply IoT devices that are patchable, without known vulnerabilities, rely on standard protocols, and do not contain hard-coded passwords. For devices that do not comply with these standards, federal agencies can ask the Office of Management and Building (OMB) permission to purchase non-compliant devices with proof of “compensating controls.” The bill would also direct the Department of Homeland Security’s National Protect Programs Directorate to develop vulnerability disclosure guidelines for contractors who sell devices to the government or who use IoT-enabled devices on a government contract.
The bill has been endorsed by groups such as the Atlantic Council, the Berklett Cybersecurity Project at Harvard University’s Berkman Klein Center for Internet & Security, the Center for Democracy and Technology, Mozilla, Cloudflare, Neustar, the Niskanen Center, Symantec, TechFreedom, and VMware.
Read the complete bill here.
