Senate Bill Would Establish Security Requirements for Internet-Connected Devices

1 min read

Four senators have introduced a bipartisan bill that would require federal suppliers of internet-connected devices to ensure that their products are free of “hard-coded passwords” and cyber vulnerabilities, patchable and comply with industry standard protocols.

The Internet of Things Cybersecurity Improvement Act of 2017 calls for the Office of Management and Budget to establish network-level security requirements for IoT devices with limited software and data processing capabilities, Sen. Mark Warner’s (D-Virginia) office said Tuesday.

The legislation would also require the national protection and programs directorate within the Department of Homeland Security to introduce guidelines on cyber vulnerability disclosure regulations and exempt researchers that conduct studies in compliance with such guidelines from liability under the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act.

Lawmakers also proposed to require an inventory of all IoT devices used by each executive agency.

The senators drafted the bill in consultation with security professionals from Harvard University’s Berkman Klein Center for Internet & Society, Atlantic Council and other organizations.

The measure also has endorsements from companies such as VMware, Symantec, Mozilla, Neustar and Cloudflare.

Warner proposed the bill with Sens. Cory Gardner (R-Colorado), Ron Wyden (D-Washington) and Steve Daines (R-Montana).