Aww the internet of things. A strange and ephemeral virtual network where our refrigerators and stoves harmonize and communicate with our air conditioners and toaster ovens assuring a single “smart” home or office environment.
One day, perhaps, the IoT will assure life on Earth nears Nirvana-like perfection for all of its living inhabitants. We’ll never enter a room without it have been pre-cooled to our desired temperature and our ovens will never need to be preheated because their predictive algorithms will know we intend to bake cookies before it ever dawns on us to do so.
For now, however, the IoT is a clunky and inelegant thing patched together from innumerable overlays and sketchy network protocols. And it is ever so subject to hacking and infiltration. Leaving us susceptible, it would seem, to rouge coffee makers filling our bedrooms with espresso aromas at all hours of the night and ice machines that just won’t stop spewing the cold stuff, even when the bin is full.
Whether the threat of “killer appliances” is real or imagined or just made up by me, right now, in this blog post, I leave for you to decide. But Congress isn’t taking any chances.
In a new bill that went flying through yesterday, the House of Representatives passed a bill designed to better secure all of the appliances used by Government agencies from cyber-attacks. The bill is called IoT Cybersecurity Improvement Act of 2020 and it is found here. And lest anyone think this bill is more useful than that, it is specifically written to not include “conventional Information Technology devices, such as smartphones and laptops.”
No folks. This bill is designed exclusively and intentionally to protect the nation’s coffee makers and refrigerators. In the event of war, we simply cannot risk members of our valuable federal government being without these critical appliances.
To assure that the nation’s “infrastructure” is safe, the bill requires the National Institute of Standards and Technology to promulgate “standards and guidelines” for the Federal Government on the “appropriate use and management by agencies of Internet of Things devices” including “minimum information security requirements for managing cybersecurity risks associated with such devices.”
Allow me to translate: the House just passed a bill requiring rules to be developed for federal agency employees to abide by when handling their smart appliances.
As a few examples of what these rules should include: i) examples of possible security vulnerabilities of Internet of Things devices (I’m looking forward to that list); ii) considerations for managing the security vulnerabilities of Internet of Things devices (considerations?); and iii) identification management for IoT devices. (Identification management. For appliances.)
Well, while reasonable minds can disagree on the need for national standards to protect our national crockpots from foreign interference, it is nice to see that the House can come together to pass an important piece of legislation even in this era of crazed partisanship.
We’ll see if the Senate chooses to do the same.