A bipartisan group of senators are calling on Congress to adopt security standards for for internet-connected devices bought by the government in a bid to further secure the nation’s computer systems from cyberattacks.
The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 would mandate that connected devices purchased by the government meet specific security standards if passed as lawmakers look to safeguard against cyberattacks spread by IoT products in the wake of a debilitating outbreak last October blamed on the Mirai botnet, a network of infected devices harnessed by hackers to cause large-scale internet outages in the U.S. and abroad.
The legislation was introduced Tuesday by the co-chairs of the Senate Cybersecurity Caucus, Mark Warner, Virginia Democrat, and Cory Gardner, Colorado Republican, along with Sens. Ron Wyden, Oregon Democrat, and Steve Daines, Montana Republican. It was drafted in consultation with experts from the Atlantic Council and the Berkman Klein Center for Internet & Society at Harvard University, among others, and has already amassed the support of tech companies including Mozilla, Cloudflare and Symantec.
“This legislation would establish thorough, yet flexible, guidelines for federal government procurements of connected devices,” Mr. Warner said. “My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”
In the case of Mirai, hackers compromised vulnerable household internet-connected devices ranging from webcams to routers and then used them to wage a massive distributed denial-of-service (DDoS) attack, a rudimentary but effective tactic used to logjam the internet by overloading web servers with illegitimate traffic, subsequently rendering high-profile websites including Twitter and Netflix unavailable to millions and triggering responses from federal agencies the world over including the U.S. Department of Homeland Security and FBI, among others.