& cplSiteName &

IoT Security Raises Concerns for US Senators

Scott Ferguson

A bipartisan group of US senators is looking to get a better handle on the Internet of Things (IoT) and security as the number of connected devices continues to grow and the federal government invests more in the technology.

Introduced on Tuesday, the Internet of Things (IoT) Cybersecurity Improvement Act of 2017 bill would require any IoT device used by the federal government to meet a specific set of security requirements.

The security bill has backing from Republican and Democratic senators, including US Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), who are the co-chairs of the Cybersecurity Caucus, as well as Sens. Ron Wyden (D-OR) and Steve Daines (R-MT).

At the minimum, the proposed bill would require government contractors who are supplying IoT devices to ensure that sensors and other hardware are patchable, that these devices do not include hard-coded passwords and that IoT devices are free of any known security vulnerability before they are installed.

(Source: Geralt via Pixabay)

In short, ensuring basic networking and IoT security before an agency starts hooking these devices to the Internet.

"This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices. My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products," Warner wrote in an August 1 statement supporting the bill.

In their statement, the senators point to the growing volume of IoT and connected devices, citing a widely circulated Gartner report that finds connected devices will grow from 8.4 billion this year to over 20 billion by 2020. Spending on IoT and related services is also expected to hit $2 trillion by the end of this year.

If passed, the bill would set minimum standards for IoT security, as well as several other guidelines for handling connected devices. These include:

  • Allowing the federal Office of Management and Budget to create alternative network-level security requirements for devices with limited data processing and software functionality.
  • Directing the Department of Homeland Security to issue cybersecurity disclosure guidelines to contractors who are supplying connected devices.
  • Giving security researchers some liability protection if they are investigating IoT security flaws.
  • Requiring each executive agency to inventory all connected devices.

The fact that these senators are recognizing IoT security is a big step in ensuring not only government, but enterprises and consumers are protected as well. Since many connected devices send information back to the cloud, the harm caused by an IoT breach is incalculable.

Keep up with the latest enterprise cloud news and insights. Sign up for the weekly Enterprise Cloud News newsletter.

One of the major problems with IoT security, which can lead to malware and distributed denial-of-service (DDoS) attacks, is the way these devices are designed.

In a column for our sister site Security Now, Pawani Vaddi, a product manager for consumer devices at Webroot, wrote that IoT developers aren't conscious of building in security at the manufacturing level, which leaves these devices open to attack -- a concern Warner's statement echoed. (See How Secure Are Your IoT Devices?)

Additionally, an IDC report published in June found that spending on IoT hardware security hardware security will increase at a compound annual growth rate (CAGR) of 15.1%, between now and 2021. At the same time, spending on security software will increase at a CAGR of 16.6%. (See IoT Spending Will Reach $1.4T by 2021 – Report.)

In his statement, Warner noted that he's written to the Federal Trade Commission about the data that "smart toys" collect, as well as concerns raised after the Mirai botnet attack that involved IoT devices. (See Level 3's Drew Sees Liability Issues in IoT Botnets.)

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

(9)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Educational Resources
sponsor supplied content
Educational Resources Archive
More Blogs from Scott Ferguson
From its roots in industrial farm machinery and other equipment, John Deere has always looked for a technological edge. About 20 years ago, it was GPS and then 4G LTE. Now it's turning its attention to AI, machine learning and IoT.
Artificial intelligence and automation will become more integral to the enterprise, and 90% of all apps will have integrated AI capabilities by 2020, according to Oracle CEO Mark Hurd.
IBM is now offering access to Nvidia's Tesla V100 GPUs through its cloud offerings to help accelerate AI, HPC and other high-throughput workloads.
CIO Rhonda Gass is spearheading an effort to bring more automation and IoT to the factories making Stanley Black & Decker tools and other equipment.
Workday is looking to build out its machine learning and artificial intelligence capabilities with the acquisition of startup SkipFlag.
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
June 26, 2018, Nice, France
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 17, 2018, Chicago, Illinois
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
NFV Is Down but Not Out
Iain Morris, News Editor, 5/22/2018
Trump Denies ZTE Deal, Faces Senate Backlash
Dan Jones, Mobile Editor, 5/22/2018
What VeloCloud Cost VMware
Phil Harvey, US News Editor, 5/21/2018
5G in the USA: A Post-BCE Update
Dan Jones, Mobile Editor, 5/23/2018
Vanquished in Video, Verizon Admits OTT Defeat
Mari Silbey, Senior Editor, Cable/Video, 5/23/2018
Animals with Phones
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed