Remember how much digital ink we’ve spilled talking about how bad modern cyber security is? Well! Now Congress is actually (maybe!) going to do something about it.
The Internet of Things Cyber Security Act of 2017 is a bipartisan bill put forth by US Senators Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR), and Steve Daines (R-MT) that would require manufacturers to bake some basic security features into internet-of-things devices.
If you’re wondering why that’s such a big deal, last year we saw an uptick in truly large-scale cyber attacks across the globe. Researchers discovered that a number of organizations had begun using security holes in smart devices like printers or routers or light switches to create powerful, specialized squadrons of zombie computers. These groups, known as botnets, are all under the control of whoever took them over. With a sizable enough army, an unscrupulous individual could bring down almost anything connected to the internet. Simply by jamming a target with traffic, an attacker could cripple major servers for banks or other vital services. Some attacks have even been large enough to take significant chunks of the internet itself offline (which… why the hell aren’t we talking about that more?)
This bill would require all of the hardware purchased by the US government to have some protections. Passwords for these devices will be changeable, the devices will be patched and maintained regularly, and the bill even shields security researchers who are acting in good faith from prosecution for certain types of study. These steps are particularly important because many of the devices used in these botnets have hard-coded login information. Ostensibly, this is so the companies can update and service devices without having to worry about being locked out, but it also makes it astonishingly easy for just about anyone to use these mini-computers for nefarious ends. In fact, this is so easy to prevent that some hackers have been messing with folks — even bricking their unsecured devices — just to teach people a lesson about security.
This is certainly a step in the right direction towards an obvious and desperately-needed solution, but it’s also remarkably small in scope, only affecting devices used by the federal government. Even so, Senators Warner and Gardner tout the bill as a major win.
“The IoT landscape continues to expand, with most experts expecting tens of billions of devices operating on our networks within the next several years,” Gardner said in a statement. “As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure from malicious cyber-attacks. As co-chairs of the Senate Cybersecurity Caucus, Senator Warner and I are committed to advancing our nation’s cybersecurity defenses and this marks an important step in that direction.”
If they’d like to get serious, really serious, about committing to action, then these requirements would apply to all devices sold in the US. Yeah, it’s an extreme measure, but we’re playing with some pretty big flames here. It’s not too far-fetched to expect, in short order, cities or critical services like medical databases being subject to attack from outside groups. But, even as the threats mount, politicians are painfully ignorant or unwilling to act in earnest.