On Tuesday, U.S. senators introduced legislation to improve the government's digital defenses against hacks. The bill targets connected devices and comes just one year after a cybersecurity attack crippled websites including Twitter and Spotify.
Mark Warner (D.-Va.), Ron Wyden (D-Ore.), Cory Gardner (R-Colo.), and Steve Daines (R-Mont.) unveiled the "Internet of Things Cybersecurity Improvement Act 2017" on Tuesday. The new bill would require tech companies that sell connected devices to the U.S. government to ensure their products can be patched with security updates. It would also prevent those vendors from selling devices that have unchangeable passwords.
"What we're saying with internet of things devices is, if you've got hard-coded passwords or they're not able to be patched, because they're cheaper or smaller devices, that can't be standard protocol," Warner told Recode.
Last year, hackers prevented access to popular sites by weaponizing connected devices. It didn't last long, but the attack showed the harmful vulnerabilities of products such as fitness trackers and smart sensors.
Despite the hack, the internet of things is a fast-growing market that has dominated both the home and fitness sectors. In the first quarter of this year, $1.2 billion in funding was given to companies that build or work with connected devices, according to CB Insights. What's more, federal agencies spent about $4 billion on "sensors and data collectors" between 2011 and 2015, according to the business intelligence platform Govini.
"We're trying to take the lightest touch possible," Warner told Reuters. He added that the legislation was meant to fix an "obvious market failure" that left connected device companies with little incentive to build with security in mind.