U.S. Government Looking to Improve Cybersecurity within Internet of Things
In recent years, there has been an explosion in physical devices that are able to connect to the internet, otherwise known as the Internet of Things (IoT). These convenient devices are come in the form of smart fridges that keep track of groceries and expiration dates, thermostats that can be controlled from a smartphone app, and smart watches that double as trackers of data for your health and workouts. The U.S. Government is not far behind in taking advantage of IoT to utilize different devices in its sectors, such as defense, architecture, and agriculture. However, the more devices that are used to connect to the internet, the more opportunities cyber criminals have in hacking governmental IoT. Senators Cory Gardner, Steve Daines, Mark Warner, and Ron Wyden have realized the importance of protecting these devices from cyberattack and are sponsoring new legislation with The Internet of Things Cybersecurity Act of 2017. This bill aims to set realistic security standards for connected devices are sold to the federal government.
David Navetta, U.S. co-chair of Norton Rose Fulbright’s Data Protection, Privacy, and Cybersecurity practice group, explained why creating a legislation like this is so important. “Recent events show that the IoT is an attractive vector for a cyberattack,” said Navetta. “By mandating that suppliers meet basic security requirements, the federal government is pushing the market to take cybersecurity considerations into account as early as the product and system design phases. Further, by requiring post-sale monitoring of vulnerabilities, the government is requiring entities to monitor and enhance a device’s cybersecurity throughout its life-cycle.”
One of the most important aspects of a smart device’s security is its ability to receive regular patches to fix discovered vulnerabilities. There are less expensive devices on the market that neglect this important security feature, exposing vulnerabilities open to hackers. Manufacturers can regularly patch the products they sell to the government which can minimize the chances of hackers to infiltrate government IoT. While new legislation would only mandate devices sold to the government, its purchasing power “could mean better security for consumer devices as well,” stated Ryan Tabibian, CEO of software development company Daxima.