US senators to introduce bill to secure ‘internet of things’

Thursday, 3 August 2017 00:00 - - {{hitsCtrl.values.hits}}

1500 A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017.Steve Marcus - Reuters

SAN FRANCISCO (Reuters): A bipartisan group of US senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects – known in the tech industry as the “internet of things” – which experts have long warned poses a threat to global cyber security.

The new bill would require vendors that provide internet-connected equipment to the US government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.

Republicans Cory Gardner and Steve Daines and Democrats Mark Warner and Ron Wyden are sponsoring the legislation, which was drafted with input from technology experts at the Atlantic Council and Harvard University. A Senate aide who helped write the bill said that companion legislation in the House was expected soon.

“We’re trying to take the lightest touch possible,” Warner told Reuters in an interview. He added that the legislation was intended to remedy an “obvious market failure” that has left device manufacturers with little incentive to build with security in mind.

The legislation would allow federal agencies to ask the US Office of Management and Budget for permission to buy some non-compliant devices if other controls, such as network segmentation, are in place.

It would also expand legal protections for cyber researchers working in “good faith” to hack equipment to find vulnerabilities so manufacturers can patch previously unknown flaws.

Security researchers have long said that the ballooning array of online devices including cars, household appliances, speakers and medical equipment are not adequately protected from hackers who might attempt to steal personal information or launch sophisticated cyber attacks.

Between 20 billion and 30 billion devices are expected to be connected to the internet by 2020, researchers estimate, with a large percentage of them insecure.

Though security for the internet of things has been a known problem for years, some manufacturers say they are not well equipped to produce cyber secure devices.

Hundreds of thousands of insecure webcams, digital records and other everyday devices were hijacked last October to support a major attack on internet infrastructure that temporarily knocked some web services offline, including Twitter, PayPal and Spotify.

The new legislation includes “reasonable security recommendations” that would be important to improve protection of federal government networks, said Ray O’Farrell, chief technology officer at cloud computing firm VMware. (Reporting by Dustin Volz; Editing by Bill Rigby)

Discover Kapruka, the leading online shopping platform in Sri Lanka, where you can conveniently send Gifts and Flowers to your loved ones for any event including Valentine ’s Day. Explore a wide range of popular Shopping Categories on Kapruka, including Toys, Groceries, Electronics, Birthday Cakes, Fruits, Chocolates, Flower Bouquets, Clothing, Watches, Lingerie, Gift Sets and Jewellery. Also if you’re interested in selling with Kapruka, Partner Central by Kapruka is the best solution to start with. Moreover, through Kapruka Global Shop, you can also enjoy the convenience of purchasing products from renowned platforms like Amazon and eBay and have them delivered to Sri Lanka.