A bipartisan group of U.S. senators this week introduced legislation that would establish baseline security standards for the government's purchase and use of computers, routers, security cameras and other Internet of Things (IoT) devices.
The "Internet of Things Cybersecurity Improvement Act of 2017," unveiled by Sens. Steve Daines (R-Mont.), Cory Gardner (R-Colo.), Mark Warner (D-Va.) and Ron Wyden (D-Ore.), would empower the White House Office of Management and Budget to create security requirements for devices with limited data processing and software functionality, according to Krebs on Security.
In addition, the act would require vendors that provide internet-connected equipment to the U.S. government to meet various industry security standards and would prohibit vendors from supplying IoT devices that have unchangeable passwords or known security vulnerabilities, Reuters reported.
With the legislation, the U.S. government has taken an important first step to guarantee that IoT device manufacturers make cybersecurity a part of their products' DNA, Phil Reitinger, CEO of the Global Cyber Alliance cyber risk coalition, told MSSP Alert.
Furthermore, the legislation would ensure that the U.S. government takes device privacy and security into account when making IoT purchases, Reitinger noted.
How to Eliminate IoT Threats
Approximately 8.4 billion connected "things" will be in use this year, up 31 percent from 2016, technology research firm Gartner said in a prepared statement.
Meanwhile, increased spending on IoT security will be driven by the growth in the number of connected devices and the importance of IoT security, which is reflected in a recent study of 397 IT executives across 19 industries conducted by consulting firm Altman Vilandrie & Company.
The Altman Vilandrie study revealed 46 percent of companies have experienced an IoT-related security intrusion or breach in the last two years. Also, the study indicated companies that have not experienced a security breach are dedicating 65 percent more budget to IoT security (33 percent of IT security budget vs. 20 percent) than others.
To eliminate security threats, IoT device vendors need to provide organizations with cybersecurity solutions that deliver multi-faceted protection, according to Altman Vilandrie.
"'Defend' (IoT security) products are in the most demand, but will not work without a well thought-out set of verification and monitoring solutions," Altman Vilandrie wrote in its study report. "Vendors will need to educate IT buyers on the importance of a complete solution that works together for maximum effect."
