How the US Senate Could Save (or Ruin) the IoT

The Internet of Things (or IoT) has long been a blessing and a curse. On one hand, it allows us to build a sci-fi world, where we can ask our speakers to play a different song or our refrigerators can text us when we’re out of milk. On the other hand, the IoT has produced veritable horror stories. 


In one example, a pair of diligent, caring parents ventured into their toddler’s nursery one night to hear a strange man’s voice whispering to their baby through the smart monitor. In another, a smart car - the kind that connects over Wi-Fi to a smartphone app so drivers can lock, unlock, cool, and heat their vehicles remotely - was hacked while its driver was behind the wheel. The hacker could control every aspect of the car, from the windshield wipers to the brakes, and there was nothing the driver could do to intervene as the hacker cut the transmission and brought the car to a halt.


Because the IoT is rapidly expanding, IoT security is on nearly everyone’s mind - including legislators’. In fact, in the coming months, the U.S. Senate is scheduled to discuss and vote on a new bill that concerns IoT security: the Internet of Things Cybersecurity Improvement Act of 2017. However, whether this bill will help or hurt our budding sci-fi future has yet to be determined.

What the Bill Entails
Published at the beginning of August, the bipartisan bill is supposed to improve America’s internet security in general, but much of the bill is directed specifically at the IoT. After mentioning the enormous benefits of the IoT to the American economy - and highlighting the tech’s extreme complexity - the bill documents the system’s absurdly high vulnerability to outside attacks.


While this is certainly dangerous to individuals using IoT devices, the bill’s publishers are primarily concerned about government applications. Thus, the bill intends to force B2G companies selling IoT tech (or any web-connected devices) to ensure all gadgets sold to feds are patchable, exclude vulnerabilities, and lack hard-coded passwords. Additionally, the bill demands the development of network-level security requirements for devices with processing capabilities, and perhaps most notably, mandates a government inventory of all internet-connected devices used by executive agencies.


On one hand, the passage of this bill could shore up all IoT defenses - not just the IoT destined for D.C. Instead of bothering with different security standards for various devices, IoT companies would undoubtedly adhere to federal rules with all their tech. 


On the other hand, the bill also presents more than a few challenges. First, the bill repeatedly uses the term “internet-connected devices,” which it defines vaguely as any object “capable of connecting to and…in regular connection with the internet” and that “can send or receive data.” As you might already have guessed, this includes laptops, tablets, and smartphones, which makes the bill much broader and bolder than it initially seems. Though improving security for laptops, tablets, and smartphones isn’t a bad idea, it shouldn’t be an accidental mandate that puts such extreme pressure on tech companies.

How We Can Fix the IoT

It is unwise to assume that the U.S. Senate can fix the IoT. IoT spending is on course to exceed $800 billion by the end of 2017 and nearly $1.4 trillion by 2021. Should the Internet of Things Cybersecurity Improvement Act of 2017 pass, the government could be tasked with cataloging millions of individual gadgets and devices - billions if they include computers and smartphones. The number of devices affected by this legislation, as well as the funds necessary to carry out its mandates, will only grow with time.


Most experts believe other solutions are more reasonable and thus more likely. Several cybersecurity firms offer IoT security services, which function just like anti-malware programs on computers. The service is typically installed on a network-connected computer and scans IoT devices regularly for security risks. As home automation networks grow, these services will become integral to keeping a home safe. An improved router could provide the same function, serving as an IoT hub that monitors traffic from every connected device. Alternatively, creating a virtual private network (VPN) expressly for IoT devices might keep them separate and safe.


This bill is an interesting new development in IoT security, and if nothing else, it has reinvigorated discussions about how to keep the IoT alive and protected. All we can do now is wait - and hope the Senate knows more about cybersecurity than climate change.


Rehan Jiaz is an entrepreneur, business graduate, content strategist and editor overseeing contributed content at SmartdataCollective.com. He is passionate about writing stuff for startups. His areas of interest include digital business strategy and strategic decision making. 

