Senators Mark R. Warner (D-VA) www.warner.senate.gov and Cory Gardner (R-CO) www.gardner.senate.gov Co-Chairs of the Senate Cybersecurity Caucus along with Senators Ron Wyden (D-OR) www.wyden.senate.gov and Steve Daines (R-MT) www.daines.senate.gov, have introduced bipartisan legislation to improve the cybersecurity of Internet-connected devices.
The “Internet of Things (IoT) Cybersecurity Improvement Act of 2017” would require devices purchased by the U.S government to meet certain minimum security requirements:
- Requires vendors who supply the federal government with IoT devices to ensure that their devices are patchable and use industry standard protocols
- Devices must not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities plus other basic requirements
- Directs the Office of Management and Budget to develop alternative network-level security requirements for devices with limited data processing and software functionality
- Directs the Department of Homeland Security’s National Protection and Programs Directorate to issue guidelines regarding cybersecurity coordinated vulnerability disclosure policies that will be required by contractors providing connected devices to the Federal government
- Exempts cybersecurity researchers engaging in good-faith research from liability under the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when doing research pursuant to adopted coordinated vulnerability disclosure guidelines
- Requires each executive agency to inventory all Internet-connected devices in use by the agency
“While I’m tremendously excited about the innovations and productivity that IoT devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” reports Senator Warner. “My hope is that this bill will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”
According to Senator Gardner, “The IoT landscape continues to expand with most experts expecting tens of billions of devices to be operating on our networks within the next several years. As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure from malicious cyber-attacks.”
To view the bill, go to https://www.scribd.com/document/355269230/Internet-of-Things-Cybersecutity-Improvement-Act-of-2017.