It’s pretty rare these days to hear anything about bipartisan cooperation in Washington, D.C., but apparently internet of things device cybersecurity is an important enough issue to yield some good ‘ol get-along.
After a spate of cyber attacks due to vulnerable internet of things devices in 2016, a bipartisan group of senators have proposed the Internet of Things Cybesecurity Improvement Act of 2017. The bill attempts to develop a set of standards for internet of things devices, but specifically those installed in government facilities.
According to this story on the blog Lawfare, the bill would enact some common sense measures to prevent two of the most common problem related to internet of things devices: Fixed (or default) passwords. Manufacturers would have to set a different password for each device so hackers would have no way of knowing a device’s default password. It’s kind of amazing that this isn’t already the case, isn’t it?!
While these new security rules would initially apply only to companies selling devices to the federal government, the idea is that the massive buying power of the government (up to $95 billion on tech next year, according to Recode) will force changes to the industry as a whole, and standard security procedure among manufacturers when shipping new devices.
Most experts have hailed the bill as a solid first step to correcting some of the most glaring internet of things device security issues. So, since it makes sense and has widespread support, it’s an open question whether it will actually make it to law.
This Quick Read was submitted by Greg Zimmerman, executive editor, Building Operating Management. Read his cover story on the how sustainability and resilience complement each other.
