The Internet of Things (IoT) Cybersecurity Improvement Act was introduced simultaneously in the US Senate and the House of Representatives. The proposed legislation aims to improve the security of IoT devices purchased by the government. The bill recommends the National Institute of Standards and Technology (NIST) be in charge of issuing periodical recommendations for the federal government concerning cybersecurity, identity management, patching, and configuration management of IoT devices. Vendors that provide IoT devices to the federal government would have to comply with NIST recommendations in the matter (e.g. accepting security patches, changing passwords) and they will have to adopt co-ordinated vulnerability disclosure policies, which means that once a vulnerability is uncovered, that information should be published and disseminated. In addition, the NIST will be in charge of working with cybersecurity experts to address any possible vulnerabilities related to governmental IoT devices.
The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'.
Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss.
Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.
Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.