EXECUTIVE SUMMARY:
For an industry composed of 24 billion devices, and that’s expected to reach a market value of $922 billion in 2025, standards for IoT still rest entirely with the companies producing the products. Some companies may be gold medalists in offering built-in features and automatic software updates to protect consumers, but other companies could do better.
In an effort to create a more uniform approach to device security, a bill introduced by Senators Mark Warner (D-Va.), and Cory Gardner (R-Colo.) and House Representatives Will Hurd (R-Texas) and Robin Kelly (D-Ill.) proposes to issue standards for devices sold to federal employees.
Warner expressed concern that devices are “being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security.”
Federal employees are often targets of phishing, ransomware, and other forms of cyber threats. Improved device security could lead to fewer criminal incidents. The bill also includes a clause mandating review every five years to insure that codes of conduct continue to reflect technological trends.
Ultimately, “the hope is that by improving security standards for the federal government, one of the largest customers available, standards for the entire IoT market would improve along with it,” says CNET magazine.
This move follows California’s newly passed SB 327 that requires companies to implement “reasonable” security features to prevent intrusions, tampering or information disclosure, among other details.
The effort to get these bills underway reflects growing awareness of our changing threat landscapes and where our threats are coming from.
