It is estimated that by 2020, the number of connected devices will increase to 20.4 billion units, but their level of security will not be the same. IoT devices without built-in security features have become a fragile line of defense for hackers. In the face of problems such as default passwords and unrepairable vulnerabilities, the situation is very serious. At the Senate hearing last year, Defense Intelligence Director Lt. General Robert Ashley told lawmakers that insecure IoT devices are one of the “most important emerging cyberthreats.”
In view of this, members of the US Senate and House of Representatives proposed an Internet of Things Network Security Improvement Act on Monday, hoping to enact legislation on emerging technologies that lack national standards. In addition to requiring each company to improve the security of the connected devices it manufactures, the bill also seeks to set minimum security standards for any IoT devices used by the federal government.
Democratic Senator Mark Warner from Virginia said in a statement:
While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security.
It is reported that all IoT equipment suppliers sold to the US government must formulate a vulnerability disclosure policy so that government officials can keep abreast of relevant conditions. In addition, under the Act, NIST will review the relevant policies every five years.