A cross-party delegation of US politicians have introduced a bill which will aim to create minimum security standards for any IoT devices used by government agencies and departments.
Led by Democratic Congresswoman Robin Kelly and Republican Congressman Will Hurd, the bill has gained notable support already. While this is a perfectly logical step forward to ensure the integrity and resilience of government systems, the fact the politicians seem to be taking an impartial approach, not targeting a single company or country, is much more encouraging.
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure,” said Kelly. “Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices. It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
“Internet of Things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives,” said Hurd “This is ground-breaking work and IoT devices must be built with security in mind, not as an afterthought. This bipartisan legislation will make Internet of Things devices more secure and help prevent future attacks on critical technology infrastructure.”
When discussing digital security, a mention of Huawei or China is never far away, but this seems to be an effort to mitigate risk on a much grander scale. Yes, the US does have ideological enemies it should be wary of, but it is critical politicians realise there are risks everywhere throughout the digital ecosystem.
It is easy to point the finger at China and the Chinese government when discussing cybersecurity threats, though this is lazy and dangerous. Having too much of a narrow focus on one area only increases the risk of exposure elsewhere. Such are the complexities of today’s supply chain, with companies and components spanning different geographies and sizes, the risk of vulnerability is everywhere. It is also very important to realise cybercriminals can be anywhere; when there is an opportunity to make money, some will not care who they are targeting. Domestic cybercriminals can be just as much of a threat as international ones.
This impartial approach, applying security standards to IOT devices regardless of origin, is a much more sensible approach to ensure the integrity of networks and safeguard sensitive data.
Of course, this is not necessarily a new idea. Many security experts around the world have been calling for a standardised approach to IOT security, suggesting certification processes with minimum standards. Such a concept has already been shown to work with other products, such as batteries, therefore establishing a baseline for security should not be considered a particularly revolutionary idea.
What is also worth noting is that while this is a good idea and will improve protections, it is by no-means a given the bill will pass into a law. A similar bill was launched in 2017, though it was quashed.