Well, looking at the rapid growth and futuristic predictions about the global rise of IoT technology, such a governmental-based legislation to secure Internet of Things was indeed overdue. Four U.S. senators: Mark Warner, Steve Daines, Cory Gardner, and Ron Wyden combinedly proposed the Internet of Things Cybersecurity Improvement Act of 2017 in the U.S. Senate for approval. Even though, the submitted bill only covers IoT-enabled devices that are officially in use for government-specific tasks, many proponents, and legal experts are appreciating this move and believe it will serve as a model for the corporate sector to follow soon. “I believe we are lucky enough to be on the brink of seeing IoT becoming an officially accepted and regulated field for each and all utilizers,” says Mr. Clovis Lacerda, founder of Parlacom Telecommunications Brazil, a mobile IoT/M2M services providers. This statement, as clearly as it is said, does hold genuine merit in it.
But let’s get back to the proposed bill IoT-CIA (short abbreviation of the long name) for the time being. The bill chiefly introduces a set of rules as a “standard” for all kinds of IoT devices that are installed on the sensitive U.S. government networks. Some of the core fundamentals presented in the bill were: IoT devices must not have fixed passwords and should have verified software as well as no loopholes in hardware. The bill further states that only authenticated updates and security patches can be added to government IoT devices, among the various requirements proposed for IoT security in the bill. The bill is expected to make notable adjustments to other related in-practice legislations like the Digital Millennium Copyright Act (DMCA) & Computer Fraud and Abuse Act (CFAA), and will likely to remove certain legal limitations for security analysts/researchers.
IoT, which was coined first in the 90s, only started to get the recognition it deserved until recently when technologists started to envision a “Digital Revolution” which will transform the world completely into a digital powerhouse, one in which every device and machine will be connected and controlled by the web-based networks and cloud services. However, along with this amazing technology’s rapid growth also comes to some grave security concerns as well. These security concerns were mainly found in accessibility, management, and processing of IoT hardware and software. For example, eliminating the fixed-password issue in IoT devices can alone significantly enhance the security level.
IoT hardware shipped with default passwords programmed within the machines has higher chances of being compromised by an unethical person. The IoT-CIA has addressed this issue neatly in its proposition, which will help regulate low-quality IoT device encryption and force IoT hardware manufacturers to follow the said pattern strictly. Other regulations provided in the bill are also quite significant in enhancing and making IoT more secure. However, the approval is still pending, and even if approved it will be quite U.S. government-specific law. The thing which will be quite exciting to anticipate is to see how major IoT solutions provider take inspiration from this law, once it is being implemented.
Whatever might be the outcome, one thing is highly for certain: The days of IoT technology becoming an official part of “everyday technology” has clearly arrived. Hopefully, after the U.S. government taking up and implementing IoT security code of conduct within their infrastructure, we have every good hope that this will become the role model for all the IoT providers to follow, making IoT safer and easier for all of us, in the end, to use.