A bipartisan group of U.S. senators introduced a bill Tuesday that aims to ensure the vast amount of internet-connected devices available now and in the future can’t be easily hacked.
The measure, if ultimately passed, would mandate that vendors who provide the U.S. government with certain devices, guarantee the complete virtual safety of their products.
The legislation, formally titled the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, was officially proposed by Democratic Sens. Mark Warner of Virginia and Ron Wyden of Oregon, as well as Republican Sens. Steve Daines of Montana and Cory Gardner of Colorado. They reportedly collaborated with several security experts from various institutions, including a research organization within Harvard University and the Atlantic Council.
IoT is a growing concept as computer chips become cheaper and consumers’ desire and interest in the efficiency of advanced products steadily grow. From relatively mundane devices like refrigerators to vending machines, more and more everyday items are becoming connected to the internet. But the IoT isn’t just for relatively trivial parts of life. In fact, IoT application is estimated to rake in $11.1 trillion per year by 2025 by streamlining and generally improving several processes and activities, according to a report conducted by the McKinsey Global Institute.
It could also save lives.
The McKinsey report continues:
Using IoT technology for more continuous and consistent monitoring of patients with chronic diseases can help patients avoid medical crises, hospitalizations, and complications. Monitoring with conventional tools has fewer benefits for four reasons: 1) they provide only episodic readings (when blood is drawn, for example); 2) tracking must be done in high-cost settings such as hospitals, which leads to treatment avoidance; 3) patients often fail to adhere to prescribed treatment; and 4) a limited ability to identify problems in a timely manner before they develop into costly or even fatal conditions … without access to continuous time series of data, physicians often cannot detect critical changes in patient conditions early enough to prevent emergencies. For example, a doctor with access to real-time data on warning signs such as a sudden weight gain in a patient with chronic heart failure (likely indicating water retention) would be able to identify likely exacerbation before hospitalization is required.
But with the extra convenience, as well as highly significant tangible benefits, comes the prospect of infiltrating the systems and then virtually commandeering the device for nefarious purposes. (RELATED: Someone Used Hacked Vending Machines To Hold A University’s Internet Hostage)
Known as a distributed denial of service (DDoS) attack, perpetrators infiltrate and take internet-connected devices hostage and direct them and the respective unique Internet Protocol (IP) addresses (the numerical label assigned to every device) to targeted online systems, completely inundating them in the process.
The online systems become so overwhelmed that they are essentially defective, which can cause catastrophic consequences. (RELATED: Massive Cyber Attack Hits 16 British Health Facilities, Causing Chaos In Emergency Rooms)
Michelle Richardson, Deputy Director of the Center for Democracy & Technology’s (CDT) Freedom, Security and Technology project, says the bill does two important things.
“First, it secures government networks, which helps protect national security information, critical infrastructure, and the sensitive information the government collects about every day people,” she told The Daily Caller News Foundation. “Second, it has the potential to change the industry as a whole. The government’s buying power may be able to drag devices into more secure territory since so many manufacturers want to land government contracts.”
Senior staff attorney Lee Tien of the Electronic Frontier Foundation, a digital rights group, agrees, but stopped short of a full approval.
“Manufacturers need to step up to make Internet-connected technologies used by millions of Americans more secure,” Tien told TheDCNF. “Researchers and scientists who work to find software vulnerabilities in these technologies face legal jeopardy because of over broad and abused anti-hacking and anti-piracy laws like the Computer Fraud and Abuse Act and the DMCA [Digital Millennium Copyright Act]. They need legal protections to continue their important work. The bill seeks to address these issues, but the devil is in the details.”
It is estimated that there are at least 170 million internet-connected devices susceptible to hacking in the U.S., and there will be 20 billion such devices in general by 2020. The senators championing the recent bill want to ensure that at least the products being sold to the government are held to a higher security standard.
“While I’m tremendously excited about the innovation and productivity that Internet-of-Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” Warner said in a statement. “This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices. My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”
If the bill goes too far in its requirements and restrictions, it could cause the government to unduly miss out on viable products. Nevertheless, Richardson says it appears so far to be a good example of a policy that strikes a balance.
“It is the softest government touch possible,” said Richardson. “The only two other options are directly regulating the products or imposing liability on manufacturers who make insecure devices.”
Send tips to firstname.lastname@example.org.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact email@example.com.