Senators Warner, Gardner Introduce Legislation To Address Internet Of Things Security Concerns
This week, Senator Mark Warner (D-VA), the vice chairman of the Senate Select Intelligence Committee, suggested that Committee Chairman Sen. Ron Johnson (R-WI) “hasn’t been willing to move” a piece of legislation jointly introduced by Sen. Warner and Sen. Cory Gardner (R-CO) that aimed to address perceived weaknesses in the federal government’s acquisition of certain technologies.
The “Internet of Things Cybersecurity Improvement Act of 2017” is intended to prohibit federal agencies “from acquiring IoT devices and sensors that aren't patchable and that don't have changeable passwords,” according to FCW. However, the bill has not received a hearing or vote.
"It's really pretty wild because I've talked to NSA, I’ve talked to DHS, DOD, FBI, they all say this is the minimum we need," Warner told FCW. "They all say they’d like to see stronger security."
With an ever-increasing array of devices boasting the ability to connect to wireless and other networks making up the Internet of Things, the Senators see an enormous potential weakness.
Matt Leonard writes that the legislative failures at the federal level have left matters in states’ hands, with California attempting to address the same concern, having recently “signed into law legislation that would require manufacturers to have ‘reasonable security feature or features.’”
Some security experts suggest that a “patchwork” of differing state legislative attempts to address such a broad security concern is likely to lead to foreseeable failure, thus pointing toward continued work on a federal regulatory fix.
Meanwhile, industry representatives have suggested that the inverse is true and that attempts to regulate standards for rapid-changing technology industries are more likely to cause further issues, with the industry more likely to be on the cutting-edge than any regulatory framework can predict.
To that end, Tim Day, senior vice president of the Chamber Technology Engagement Center,” said in Congressional testimony this year, “Much like the Internet’s earlier phases, IoT will flourish under a flexible, non-regulatory policy regime.”