As internet-connected devices are getting more and more popular, lawmakers are looking at new ways to help protect consumers — and ensure their data isn’t being put at risk by the companies that hold it.
At the federal level, there have been a number of attempts to add regulations that would protect owners of internet of things devices. The Cybersecurity Improvement Act of 2019, introduced last month by Senator Mark Warner of Virginia, would create new requirements for internet-connected devices. The details of the bill are a bit sparse, but it would require the National Institute of Standards and Technology to develop new recommendations for device makers to follow. Those rules would aim to shore up some of the cybersecurity shortcomings that currently plague internet-connected devices, like easy-to-guess default passwords that put millions of products and the households that have them at risk.
“The IoT Cybersecurity Improvement Act attempts to … provide light-touch guidance and security requirements for IoT devices to protect the industry and ultimately the consumer,” wrote North Carolina Rep. Ted Budd, a co-sponsor.
From Internet connected watches to Internet connected thermostats, as the Internet of Things is integrated into our most private areas, consumers should have the assurance that these devices are secure and fend off unwanted intrusion. #orpol #orleg https://t.co/dtH4OvXxG3
— Jennifer Williamson (@Jennifer_for_OR) April 16, 2019
In Oregon, lawmakers are pursuing a similar path. The state’s House of Representatives recently passed a bill that will require each smart device sold in the state to come with a unique password. The extremely simple requirement is one of the easiest ways to mitigate brute force attacks, in which hackers are able to crack the protection on devices because they use a default password that owners often opt not to change. Hackers can then set up botnets and other attacks that can target many devices at once.
Oregon’s law would also require device manufacturers to follow any federal laws that are passed if they implement stricter requirements than the state’s own laws.
- Democrats aim to save the internet and restore net neutrality
- Yes, data is the new oil and the fight to reclaim it from tech giants starts now
- How to password protect a PDF
- Who should fix Internet of Things cybersecurity? Congress takes a crack at it
- Get ready to say goodbye to some IFTTT support in Gmail by March 31