U.S. Senators introduce New Bill that sets IoT Standards for Federal Suppliers

U.S. Senators are planning to introduce new bill that sets IoT standards for federal suppliers. Sens. Mark Warner (D-Va.), Cory Gardner (R-Colo.), Ron Wyden (D-Ore.) and Steve Daines (R-Mont.) are sponsors of the measurement taken to act upon setting standards for the new bill.

The bipartisan group of U.S. senators introduced the piece of legislation on Tuesday to address the vulnerabilities posing a threat to the world of cybersecurity, mainly addressing the internet of things (IoT). The newly introduced Senate bill will implement standards for government IT vendors; known as the Internet of Things Cybersecurity Improvement Act of 2017.  The goal of the bill is to increase the security of IoT devices, especially government acquired devices. Key technology groups have already shown their support for the new bill, including he Center for Democracy & Technology (CDT), Mozilla, and the Berklett Cybersecurity Project at Harvard University’s Berkman Klein Center for Internet & Society.

Under this new bill, any devices connected vis the internet and which can transmit data is considered an IoT device.  The bill describes IoT devices as the following:

“a physical object that is capable of connecting to and is in regular connection with the Internet” and

“has computer processing capabilities that can collect, send or receive data.”

This bill was developed to directly address the series of immense number of cyber-attacks which occurred in 2016 due to poorly secured IoT devices. Setting the standard for government purchased and issued IoT devices, this includes security camera, routers, or computers. As well as, trying to alleviate the limitations to the current cybercrime laws set in place.

The bill requires all connected devices bought by government agencies to patchable when security updates are issued. Also, it bars all devices shipped with hard-coded passwords and vendors need to ensure all devices are free of vulnerabilities before issuing them out in the market.  This new piece of legislation exempts cybersecurity researchers with good intentions from liability under the Computer Fraud and Abuse Act (CFAA). Explicitly according to Sen. Warner, 

“ (the bill would) exempt cybersecurity researchers engaging in good-faith research from liability under the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when in engaged in research pursuant to adopted coordinated vulnerability disclosure guidelines”.