An effort in the U.S. Senate has been launched to impose tougher information security protocols for the Internet of Things (IoT). The IoT Cybersecurity Improvement Act would require that smart devices meet basic standards if they are to be used by federal agencies.
Many in the IoT community support the proposed legislation. Steve Brumer of 151 Advisors — a company specializing in IoT and cloud-based technologies — states that such regulations will be good for the industry, since government agencies will be forced to dedicate spending on upgrading their systems, an area that is oftentimes neglected by budget decision makers.
Brumer points to the WannaCry hack as an example of what can happen when security upgrades and patches have not been installed due to widespread bureaucratic inaction. He says the biggest threat to IoT security is the already known security weaknesses that can be patched by users with available security updates and software, but have not been. Hackers know of these weaknesses and can exploit them in many defenseless devices.
This kind of indirect government funding will help the private sector to continue to develop cyber safety products that will be less expensive moving forward. But Brumer adds that without global IoT standards, all such defenses will be “Band-Aid” in nature. He thinks widespread government security regulations will be a first step in forcing better standards to be developed. In 2015 the U.S. government’s IoT spending topped $9 billion.
In a survey carried out by Canonical, the maker of the Ubuntu operating system, nearly half of IoT professionals cited the need for better cybersecurity for their industry. The capability to remotely patch IoT devices was emphasized. Canonical Ubuntu Core system has remote patching integrated into it.