It’s no surprise that the world of IoT has opened up the smart home to hackers. With more and more devices connecting to the internet, hackers have a wide selection of ways to digitally “break into” someone’s home. With your new security cameras, watching over the Internet is very convenient, but what if a hacker manages to get a hold of that footage instead?
In order to protect consumers and businesses from the dangers of sloppily-produced IoT gadgets, device security standards have to be set. This then ensures products are of a sufficiently high quality to be sold to the public. The Cybersecurity Improvement Act has been created to work out what, exactly, a smart device needs to have in order to be secure enough to put on the shelves.
What Is the Cybersecurity Improvement Act?
This act is designed to list what a gadget that can connect to theIinternet has to have before it’s legal to sell.
The list of things developers need to do are as follows:
- The product is shipped without any known security flaws
- The product has the capacity to receive security updates should a flaw appear after production
- The product follows all current standards for security and doesn’t use alternate, unapproved methods
- The product does not use hard-coded, unchangeable login credentials to access its control panel
- If a flaw is found, the company must update the firmware or software in a timely manner
- For the developers to provide information on how security patches are delivered, the security cover ends, and a notification is sent for when said security ends.
This may seem like very basic rules that every developer should follow, but the amount of products being released without this kind of functionality is a little shocking. As such, rules and laws have to be created to force developers to put the bare bones of product security in their products.
How Does It Affect Us as Users?
With this law coming into effect, what can we expect from the future of IoT?
Unfortunately, this law is US-based, so only the USA will benefit for the time being. At the very least, however, it will force US manufacturers to ensure their products are up to scratch before they hit the shelves, which will ripple through their products that are exported overseas.
With all these extra boxes for manufacturers to tick, users should see pure benefits from this act. Devices will be under far heavier scrutiny to be fully-equipped with defenses before they enter your home. It should raise the quality of security on the Internet of Things and cause less hacked and compromised devices as a whole.
That’s not to say the devices will be totally hackproof, however! Devices will still have exploits that go undiscovered during testing, and people will still set their devices up incorrectly and leave them open to hackers. As far as “ticking the boxes” for the basics, however, this act should strengthen cybersecurity in general.
Caught in the Act
With IoT devices hitting the mainstream market, it’s crucial that laws are set out to protect consumers from being burned by sloppy practices. This is exactly what the Cybersecurity Improvement Act sets out to do, and we should see US-made devices become more secure as a result.
Do you think this will be enough to lower the amount of cyberattacks on IoT gadgets? Or will hackers keep finding flaws in firmware as normal? Let us know below.