A massive DDoS attack in October 2016 that blocked access to many popular websites, including Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and others, used home devices connected to the Internet of Things (IoT) to carry out the attack. As Forbes defines the IoT, “Simply put, this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of. This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig.”
Pacemakers and CT scanners become targets of ransomware
Intel reports that the Internet of Things will connect more than 200 billion devices by the year 2020, and security experts are concerned the IoT is extremely vulnerable to attack because of lax security. CEO Online suggests basic security measures should include a way to patch bugs in the software and forcing users to change the devices’ default passwords.
Now, four U.S. senators have introduced bipartisan legislation to improve the cybersecurity of internet-connected devices. The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 would require devices purchased by the U.S. government to meet certain minimum security requirements.
Although the bill would only apply to devices purchased by the federal government, it would use the massive purchasing power of the federal government to require a basic level of security in virtually all internet-connected devices, as vendors wishing to sell to the government will apply those security measures to all the devices they sell. According to Brian Krebs, “the bill would require vendors of Internet-connected devices purchased by the federal government make sure the devices can be patched when security updates are available; that the devices do not use hard-coded (unchangeable) passwords; and that vendors ensure the devices are free from known vulnerabilities when sold.”
The proposed Senate bill is a long way from becoming law; however, a corresponding measure has been introduced in the House of Representatives. The idea behind both bills is to establish basic safeguards that will be adopted by manufacturers, ultimately making all connected devices safer.