IoT Cybersecurity Improvement Act of 2017

Good. Yes, good. The Internet of Things Security Act is a great first step in securing our things. I am sure you are wondering, what does it really mean?

The federal government is proposing a bill that will require manufacturers of devices with internet capabilities (Internet of Things) to meet specific requirements. The idea is that if device creators want their products sold to any branch of the federal government, they must comply with the following:

1. Devices must be able to be patched with security updates.
2. Devices must not have hard-coded passwords that cannot be changed.
3. Devices must be free of all known vulnerabilities when sold.

This is good news for consumers, as the federal government is the largest organization in the United States and will drive the mandate for the private sector. This is even better news for anyone who has been affected by recent cyber attacks that leveraged our very own cable boxes, internet routers, IP cameras, and more. A bill like this is crucial in preventing future mass denial-of-service outbreaks, as it makes devices much harder to compromise.

Anyone interested in a light 20-page read (ahem) can view the actual bill here.

A somewhat overlooked piece of the bill that I found interesting is the fact that security researchers are going to gain a level of immunity when “ethically hacking” in the name of research. Today, a researcher could technically be prosecuted for actions conducted during security research if they violate the Computer Fraud and Abuse Act.

The Word on Security is a big fan of ethical hacking immunity for obvious reasons.

Be safe out there.
