skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view


A bill has been introduced into the US Congress aiming to require certain security standards for Internet of Things (IoT) devices sold into the US government. This is a good first step, raising the issue in the minds of manufacturers and potentially setting a de facto standard.

Legislation raising the profile of IoT security is good news

The distributed denial-of-service (DDoS) attack on DNS service provider Dyn in October last year resulted in significant portions of the internet being offline in North America and parts of Europe for several hours. It was also the first major DDoS exploit to use a botnet of IoT devices, namely thousands of CCTV cameras and printers infected with the Mirai virus, and dramatically demonstrated how insecure devices can and will be harnessed by cybercriminals.

We have also seen, over the last two years, attacks on critical infrastructure in Ukraine by what security researchers believe to be the Russian group Sandworm, resulting in a cessation of electrical supply to entire sections of the country in the depths of winter.

These episodes demonstrate a growing risk of attacks launched from the IoT, but also of attacks on internet-connected operation technology devices (aka the Industrial IoT, or IIoT). Thus, the US initiative is a welcome first move in the direction of obliging vendors and practitioners of IoT to build security into their devices and networks.

The Internet of Things Cybersecurity Improvement Act of 2017 (IoT-CIA), which was introduced into the US legislative branch last week, aims to ensure that manufacturers of equipment to be sold and deployed into federal government IoT networks meet security standards. There is provision, among other things, for guaranteeing patchability and avoiding default passwords, all of which is a positive move that should spur other governments to think along similar lines.


Further reading

"Concerns around security and privacy continue to haunt the smart home market," TE0003-001015 (April 2017)

"Nokia addresses the need for IoT security through its NetGuard IoT security solution," IT0012-000200 (March 2017)

Security Implications of the Internet of Things, IT0022-000277 (December 2014)


Rik Turner, Principal Analyst, Infrastructure Solutions

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316

Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now