IoT (internet of things) legislation makes an appearance in the U.S. Senate

By Cameron Abbott and Ella Richards

For those who are not familiar with the acronym, IoT or ‘Internet of things’ refers to the interconnection of network devices and everyday objects for increased control and ease of use.

The US Government has been steadily increasing the amount of IoT devices used in day-to-day business. In response to mounting concerns surrounding this, a bipartisan group in the Senate revealed a piece of legislation that will govern the use of IoT devices in the government context.

As we have blogged previously, the implementation of IoT brings with it an array of potential security issues and vulnerabilities. If hackers are able to access one device, there’s the possibility for them to manipulate others connected on the same network. This could result in national security risks, citizen information breaches or high-scale ransom attacks.

Under the bill, the National Institute of Standards and Technology (NIST) will give recommendations to the federal government, including minimum security requirements and how the government should approach potential cybersecurity issues. These policies and recommendations would be revisited every five years to keep them fresh and responsive to ever-changing cyber threats.

The potential that such standards would provide more industry wide guidance is to be encouraged, as several years into the growth of IoT there remains huge variability in security. The internet of things is generally less of a focus than most people’s computers, but the impact and ability to propagate is arguably greater.