CONGRESS TO SMART DEVICE MAKERS: YOUR SECURITY SUCKS

Four senators propose the "Internet of Things Cybersecurity Improvement Act," calling for minimum security standards for connected devices.

Congress wants to fix the notorious security problems associated with the internet of things -- at least for themselves.

On Tuesday, Sens. Mark Warner, Cory Gardner, Ron Wyden and Steve Daines introduced the "Internet of Things Cybersecurity Improvement Act," (PDF) a bill that would force tech companies to ramp up security if they want to sell connected devices to the federal government.

Security on internet-connected devices hasn't kept pace with a market that is expected to grow to 20.4 billion IoT devices globally by 2020. Gadget designers to tend to make IoT devices as simple as possible, which can often mean sacrificing security.

The trade-off has meant that thousands of IoT devices -- everything from connected security cameras to sex toys to baby monitors -- can easily be hacked. The senators' proposed bill aims to ensure vulnerable devices aren't used by the federal government.

The bill would would require IoT devices sold to the federal government have the ability to be patched and don't use hard-coded passwords. The last part is important because connected devices often come with a passwords like "admin," which are easy for hackers to guess but can't be changed. Thanks to thousands of cameras and DVRs with hard-coded passwords, a massive distributed denial of service attack, or DDoS, was able to take down a major portion of the internet last October.

"My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products," Warner said

CNET NEWS