Solution providers are applauding a new Senate bill designed to better secure Internet of Things devices used by government agencies.
The new bill, the Internet of Things Cybersecurity Improvement Act, targets companies supplying connected devices to the federal government with new requirements to better secure IoT devices.
Marc Harrison, president of Silicon East, a Marlboro, N.J.-based Intel partner, said that the bill signals a raised level of awareness around the vulnerabilities in connected devices.
"[IoT] manufacturers have zero motivation to do anything around security," he said. "This is a good necessary first step … it will create awareness around IoT security and put these manufacturers on notice. I think [the senators] understood that they don't want to get in the way of IoT becoming part of our society, but that these devices need security."
The bill requires manufacturers to ensure their IoT devices can be patched with security fixes and don't include unchangeable usernames or passwords.
The new bill was formed by a group of bipartisan senators, introduced by Sen. Mark Warner (D-VA) and Sen. Cory Gardner (R-CO).
Security vulnerabilities in IoT devices were underscored in October when a distributed denial of service [DDoS] attack – which was launched through IoT devices including webcams, routers and video recorders – overwhelmed servers at Dynamic Network Services, taking down up to 1,200 websites.
The frequency of DDoS attacks increased in 2016 due in part to IoT botnets, according to information service provider Neustar. The Sterling, Va.-based company said it mitigated 40 percent more DDoS attacks from January through November compared with the same span last year.
"We're seeing concerns about security across the board as distributed denial of service attacks become a bigger issue," said David Johnson, vice president of sales and marketing for The Fulcrum Group, a Keller, Texas-based solution provider. "Security is one of the major problems in the industry as there are huge security holes in devices as they become plugged into the network. Many devices that are connected might have default passwords left on them and are vulnerable to hackers."
The October DDoS attack was big enough to draw attention from the government, and in November the Department of Homeland Security Tuesday released new guidelines surrounding Internet of Things security, promoting transparency between IoT manufacturers, service providers and consumers through "coordinated disclosure of vulnerabilities."
While this most recent effort by the government puts a spotlights on IoT security, Silicon East's Harrison said that the channel will still have a bigger role to play in raising awareness around and securing connected devices for customers in vertical markets.
"At the end of the day, it's still our responsibility to ensure networks are secure," he said. "There's no substitute for that."