Cybersecurity leaders have said a lot to us the last few years about a seemingly illusive dream.
The dream is of a day when IoT device inventors and manufacturers take security seriously and build it in, instead of bolt it on.
That dream may soon get a shot in the arm. It could become a requirement to do IoT business with the federal government under a bill just approved by a Congressional committee.
Under the legislation, agencies would only be able to buy devices that accept security patches and let users change default passwords, features that aren’t available for many of the billions of internet-connected devices sold every year.
Vendors would also be responsible for alerting the government to security vulnerabilities as they arise and promptly patching those bugs.