August 2, 2017 by

U.S. Senators introduce New Bill that sets IoT Standards for Federal Suppliers

U.S. Senators are planning to introduce new bill that sets IoT standards for federal suppliers. Sens. Mark Warner (D-Va.), Cory Gardner (R-Colo.), Ron Wyden (D-Ore.) and Steve Daines (R-Mont.) are sponsors of the measurement taken to act upon setting standards for the new bill.

The bipartisan group of U.S. senators introduced the piece of legislation on Tuesday to address the vulnerabilities posing a threat to the world of cybersecurity, mainly addressing the internet of things (IoT). The newly introduced Senate bill will implement standards for government IT vendors; known as the Internet of Things Cybersecurity Improvement Act of 2017.  The goal of the bill is to increase the security of IoT devices, especially government acquired devices. Key technology groups have already shown their support for the new bill, including he Center for Democracy & Technology (CDT), Mozilla, and the Berklett Cybersecurity Project at Harvard University’s Berkman Klein Center for Internet & Society.

Under this new bill, any devices connected vis the internet and which can transmit data is considered an IoT device.  The bill describes IoT devices as the following:

“a physical object that is capable of connecting to and is in regular connection with the Internet” and

“has computer processing capabilities that can collect, send or receive data.”

This bill was developed to directly address the series of immense number of cyber-attacks which occurred in 2016 due to poorly secured IoT devices. Setting the standard for government purchased and issued IoT devices, this includes security camera, routers, or computers. As well as, trying to alleviate the limitations to the current cybercrime laws set in place.

The bill requires all connected devices bought by government agencies to patchable when security updates are issued. Also, it bars all devices shipped with hard-coded passwords and vendors need to ensure all devices are free of vulnerabilities before issuing them out in the market.  This new piece of legislation exempts cybersecurity researchers with good intentions from liability under the Computer Fraud and Abuse Act (CFAA). Explicitly according to Sen. Warner, 

“ (the bill would) exempt cybersecurity researchers engaging in good-faith research from liability under the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when in engaged in research pursuant to adopted coordinated vulnerability disclosure guidelines”.


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Researchers Develop Mirai Malware Vaccine for Insecure IoT Devices

Researchers have developed a novel new way to combat the dreaded Mirai botnet, the malware behind a...

Read more arrow_forward

Artificial Intelligence - The Future of Cybersecurity

The sheer number of cyber-attacks and threats present in today’s world is considerable. As the...

Read more arrow_forward

Artificial Intelligence (AI) Controlled Malware

As the world of internet of things (IoT) grows, the number of attacks through the cyber space will...

Read more arrow_forward