SDxCentral
Senate Bill Would Ban Hard-Coded Passwords in IoT Devices

Linda Hardesty
August 2, 2017
11:48 am MT

A bipartisan group of U.S. senators today introduced a bill spelling out some security criteria for vendors who supply the U.S. government with Internet of Things (IoT) devices.

U.S. Sens. Mark Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-WA) and Steve Daines (R-MT), introduced the IoT Cybersecurity Improvement Act of 2017. The bill would require that devices purchased by the U.S. government meet certain minimum security requirements.

Vendors would have to ensure that their devices do not include hard-coded passwords that can’t be changed. Factory-set, hard-coded passwords in IoT devices have been the source of some major security breaches over the past year.

In September 2016, malware named Mirai hit the KrebsOnSecurity website with a record 620 Gb/s attack. Mirai enlisted insecure IoT devices that were connected to networks and used them as “bots” to bombard the KrebsOnSecurity site with requests.

Mirai struck again in October 2016 with another distributed denial-of-service (DDoS) attack. This one caused outages at sites such as Twitter and Netflix. The attack was directed at Dyn, a Domain Name Service (DNS) provider, which translates web URLs into IP addresses. Dyn is vital to the Internet.

According to Cisco’s most recent Visual Networking Index, the number of DDoS incidents grew 172 percent in 2016, and will increase 2.5-fold to 3.1 million globally by 2021.

Besides banning hard-coded passwords, the Senate legislation requires that vendors make their IoT devices patchable and that they make them free of any known security vulnerabilities. Additionally, vendors must make devices based on standard protocols.

In today’s announcement of the proposed legislation, Jonathan Zittrain, co-founder of Harvard’s Berkman Klein Center for Internet & Society, said, “Internet-aware devices raise deep and novel security issues, with problems that could arise months or years after purchase, or spill over to people who aren’t the purchasers. This bill deftly uses the power of the federal procurement market, rather than direct regulation, to encourage Internet-aware device makers to employ some basic security measures in their products.”

About Linda Hardesty

Linda Hardesty was the Executive Editor at SDxCentral where she oversaw the news coverage for a team of writers. She's been a trade journalist since the mid-1990s, alternately writing about telecommunications and energy. Prior to SDxCentral, she was editor of Energy Manager Today. Previously, she wrote for Cable World magazine and Communications Technology. Linda can be reached at lhardesty@sdxcentral.com.
