The U.S. Congress has just passed a cybersecurity bill that expects the industry at large to improve security measures included in Internet of Things (IoT) devices.
The IoT Cybersecurity Improvement Act states that the National Institute of Standards and Technology (NIST) establishes the security requirements to be adhered to by all IoT technology manufacturers seeking to work with the federal government, mainly in areas such as vulnerability correction or user identity verification.
The central theme is to provide federal agencies with the ideal cybersecurity mechanisms, as well as encouraging manufacturers to adopt the highest standards regardless of whether they work with the U.S. government: “We hope to make a significant impact on the overall market, benefiting businesses and consumers,” says Senator Mark Warner, one of the project’s main drivers.
Efforts to improve IoT security did not begin in Congress. Years ago, researchers and consumer advocacy organizations began to point out the need to improve security on these devices, not to mention that the U.S. government is increasingly investing in this technology, so it has become necessary to strengthen its security.
The proposing legislators went through a long process before the approval of the project, which was subject to multiple modifications. The first version, for example, was extremely detailed about the exemptions to apply the standards to contracting companies, which did not reach the Senate.
Changes in the industry have also contributed to the modification of the project to its final version: “In the nearly four years since this bill was introduced, we have seen considerable advances by the industry in areas such as recognition of IoT security risks, either as part of huge DoS attacks such as those related to the Mirai botnet, or in the efforts of threat actors to compromise this infrastructure,” says Senator Warner.
Suzanne Spaulding, director of the Defending Democratic Institutions project at the Center for Strategic and International Studies, believes this is a big step forward in terms of cybersecurity: “The final version may be improved, but it’s a great starting point for important achievements,” she concludes.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
