US senators introduce new bill aimed at securing IoT devices

A bipartisan group of US senators have introduced a new bill to better secure Internet of Things (IoT) devices and to protect security researchers as they attempt to find vulnerabilities in these devices. 

The Internet of Things Cybersecurity Improvement Act 2017 will require manufacturers that supply the US government with connected devices to comply with industry-wide security practices.  

For instance, smart sensors and wearables must be able to be patched with security fixes and devices must no longer come with unchangeable usernames and passwords as this practice played a big role in last October's attack.  

The massive DDoS attack that brought down Dyn's domain name service last October was referenced as a major influence behind the new bill, as hackers were able to exploit poor security in IP cameras, home controllers and other IoT devices to infect them with the Mirai malware and create an IoT botnet

The Act also aims to promote that the government is leading by example, preventing attackers from gaining access to federal systems without slowing down the progress and innovations currently developing around connected devices. 

A caveat to the bill was also added by the senators that would help expand legal protections for security researchers working with IoT devices.  Under the new bill, they would be exempt from federal hacking laws when searching for vulnerabilities within these devices.    

This exemption may just encourage more security experts to work in the field and to report vulnerabilities that could lead to security flaws being patched sooner. 

Image Credit: Everything Possible / Shutterstock