The 2015 Internet of Things Solutions World Congress (IOTSWC) in Barcelona: Josep Lago/AFP/Getty Images
Intelligent indoor lighting that follows you where you go, smart refrigerators that send pictures of their contents to grocers, sentient thermostats that adjust temperature based on activity, free and unhindered access to an unlimited library of information has transformed an entire generation. However, what nightmares lie concealed in the shadows of your intelligence life while you go by each day under the simulated delusion of safety? Gone is the era of firewalls, antiviruses and cybersecurity suites guiding every access point in your home. With the gadgets in your household no longer limited to just computers and mobile phones, when every big tech company from Amazon to IBM to Microsoft is investing billions in smaller smart devices, every new smart device that you add to your home presents as a potential vulnerability, open for exploitation by some kid in his basement who just so happens to be planning the next worldwide cyberattack. A few senators are working hard to fix that.
“The rapid the political direction to regulate Standards and regulations needs to be put in place to deal with the explosion in usage of IOT devices in both business and residential settings. The federal government’s latest initiative to implement specific standards with regards to smart devices shows their deep concern for the new threat that is cyberwarfare. While the bill itself will affect only government contractors, the administration’s huge purchasing power could mean better security for consumer devices as well.” - Ryan Tabibian, CEO of Daxima
The question of cybersecurity on the internet of things is too huge an issue to address all at once. Senators working across two different parties are now working together to focus public attention on one of the most important aspects of this situation. It is the question of establishing proper security standards for the sale of IoT devices meant for use by government agencies. Senators Cory Gardner, Steve Daines, Mark Warner and Ron Wyden have sponsored a new legislation known as The Internet of Things Cybersecurity Act of 2017, which, among other things, aims to establish realistic standards with respect to security in connected devices sold to the federal government.
“Recent events show that the IoT is an attractive vector for a cyberattack. By mandating that suppliers meet basic security requirements, the federal government is pushing the market to take cybersecurity considerations into account as early as the product and system design phases. Further, by requiring post-sale monitoring of vulnerabilities, the government is requiring entities to monitor and enhance a device’s cybersecurity throughout its life-cycle. Given the federal government’s purchasing power, this bill could move the entire IoT market toward better cybersecurity practices.” - David Navetta, Data Protection at Norton Rose Fullbright
From intelligent lights to sensor-enabled curtains, government agencies are buying smart devices by the dozens for use in architecture, agriculture and even defense. Consider the amount of devastation these technologies might cause when their vulnerabilities can leave open exploits for hackers to utilize when trying to invade into the networks of these government agencies. To prevent destruction like that from occurring, the proposed bill requires that manufacturers that sell smart devices to government agencies regularly patch their products for vulnerabilities and steer clear from using hard-coded passwords to access the devices via a backdoor.
Independent researchers have estimated that anywhere from 20 to 30 million smart devices will be connected to the internet by 2020. For a number so huge, great care must be taken to ensure that all the fancy new gadgets that we are bringing to our home in order to make it more fancy, don’t end up compromising its security. Despite repeated warnings, we find that many cheaper smart devices often lack any proper security infrastructure and don’t even come with the ability to receive regular patches to eliminate vulnerabilities. That’s very concerning, especially when the said devices are being purchased by the country’s defense department.
“After recent chain of events starting with the worldwide ransomware attack last month, it has been made clear that cybersecurity has to be one of the topmost concerns in the administrative policy of a nation. The concept of digitalized warfare has gained fuel, and it’s absolutely essential that we start taking measures to prevent attacks from this occurring again. The new senate bill, while not the most ironclad answer, is still a good step forward in this situation.” - Zohar Pinhasi, CEO of MonsterCloud
In the absence of dedicated legislation, this new bill is no silver bullet, it serves simply to ensure the most basic security requirements among smart devices. That is to say, that, this legislation goes only so far as any legislation can go in the matter of security, which is not very far. Security in the cyberworld is an ever-evolving term, one that requires constant and dedicated research impossible to be captured in pen and paper. The legislation in concern is not much of a safeguard in itself, but it is important inasmuch as it serves to bear evidence to the government’s growing concern for cybersecurity in the wake of an exceedingly large number of cyberattacks. What are your thoughts?