With more people working from home due to the coronavirus pandemic, the need to secure Internet of Things (IoT) devices such as in-home wireless routers has become a topic of interest for the group tasked by Congress to shore up the nation’s cyber defenses.
“We’re in the process now of drafting the actual legislative proposal,” said Robert Morgus, director of research and analysis for the Cyberspace Solarium Commission. The proposal follows the Solarium’s March 11 report, released just days before the pandemic prompted mass telework.
An initial focus of the proposal is the security of routers, said Morgus, speaking at a June 3 online event hosted by the Commission to highlight the group’s white paper, released the previous day. The paper, of which Morgus is a principal author, features lessons learned from the pandemic, and number of new cyber-related recommendations for Congress, including the IoT recommendation.
“What we are striving for with this recommendation is some pretty baseline security requirements for IoT products and services,” said Morgus, mentioning unique authentication by default, requiring IoT devices to have new identification once plugged into a network, and ensuring devices are capable of receiving remote software updates.
There is pending legislation that requires security standards in Federal procurement of IoT devices. The goal with this proposal, said Morgus, is to elevate the security of all IoT devices.