Politicians on both sides of the Atlantic are considering laws to tighten cyber security for the so-called Internet of Things (IoT). The rules would cover devices that aren't traditional computers or phones but still connect to the Internet.

The United States Congress is considering the Internet of Things Cyber Security Improvement Act. It's been examined by a Senate committee and is currently awaiting a date to be examined by the Senate as a whole. However, there's no guarantee it will be heard before the end of the year and newly elected or re-elected Senators taking their seats.

Agency To Set Standards

It's the third such attempted law in the US, all of which have tried to leverage the government's buying power as an incentive rather than affecting sales to private citizens. The first arguably failed because manufacturers objected to specific requirements. Contrastingly, the second was considered too vague by those arguing for tighter security measures.

The current attempt doesn't set out any specific measures that manufacturers must follow. Instead, it says the National Institute of Standards and Technology should set out standards and guidelines that apply to any devices the federal government uses or controls. (Source: congress.gov)

Meanwhile, the United Kingdom's government has published proposals for a law that would set out three specific requirements for any "smart" products sold in the country, whether to government or consumers.

No Dumb Passwords

The first is that the default password on any device must be unique to that device and avoid generic terms such as "admin".

The second is that all manufacturers must provide a way for users to report security flaws.

The third is that buyers must know at the time of purchase how long the product will continue to receive updates including security patches.

How the law will be enforced is still under discussion. Suggestions include bans on selling products that don't follow these guidelines, mandatory recalls, confiscation and destruction of stocks, and fines for offenders. (Source: which.co.uk)

What's Your Opinion?

Do you support either of these proposals? Should smart device security be a legal issue or should it be left to market forces? What product features would make you confident about the security of gadgets?