The Internet of Things Cybersecurity Improvement Act of 2017 directs that the vendors that supply the federal government with IOT devices must ensure they can be patched, don't have known security vulnerabilities, and don't have hard-coded passwords that can be changed.
The bill was introduced by Sens. Mark Warner (D-Va.), Cory Gardner (R-Colo.), Ron Wyden (D-Wash.), and Steve Daines (R-Mont.).
"While I'm tremendously excited about the innovation and productivity that Internet-of-Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place," Warner said in a statement. "This legislation would establish a thorough, yet flexible, guidelines for federal government procurements of connected devices. My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products."