Everyone needs to smarten up on smart technology.
IoT Cybersecurity Improvement Act- It’s no secret that the current state of internet of things, or IoT, security is sub-par. We all see the steady drumbeat of headlines detailing new vulnerabilities in just about every connected device, from smart vacuums to digital assistants.
There is still a lot of work to be done when it comes to making IoT more secure, and the U.S. government is taking notice. The House of Representatives recently passed a bipartisan bill requiring that all IoT devices purchased by the government meet minimum security requirements. Known as the IoT Cybersecurity Improvement Act, the measure directs the National Institute of Standards and Technology to create security standards that government agencies would have to follow when purchasing IoT devices, as well as the management of their vulnerabilities.
While any bipartisan bill is likely to generate varying viewpoints, this is one that should be applauded, considering the biggest gap in addressing IoT security is lack of awareness. But is it really enough to generate industrywide change? Let’s explore.
A Portion of the Massive Problem
This bill is certainly a step in the right direction, as it will help bring the topic of IoT security and privacy front and center for federal organizations, technology manufacturers and consumers alike. First, let’s look at the pros. The involvement from NIST in developing guidelines on the use of IoT devices, as well as the management and disclosure process of related vulnerabilities, is perhaps one of the biggest benefits of the bill. Once approved and implemented, these guidelines could provide helpful guidance to both the public and private sector—but ultimately, we need more than just general guidelines.
Now, let’s evaluate the cons. The bill in its current state addresses just a portion of the larger problem at hand. The security regulations outlined in the bill only apply to IoT technologies that will be used in federal environments, rather than being applicable across all relevant IoT-enabled devices. So, while it is a good first step, it’s far from being entirely sufficient.
The responsibility still falls on the manufacturers to provide secure, trustworthy IoT technologies. Simultaneously, we as consumers must also demand better security from the companies selling us these devices. Without this, it’s unlikely we’ll see the level of action required to turn the IoT security tides across the board. At the end of the day, an all-encompassing set of guidelines for secure IoT device manufacturing, distribution and implementation is required in order to drive a realistic shift.