Connecticut Democrat Wants Aggressive FTC Action on IoT Device Cybersecurity
Sen. Richard Blumenthal, D-Conn., urged the FTC to take aggressive action to ensure that IoT-connected devices meet basic security standards aimed at preventing cyberattacks. House Commerce Committee ranking member Frank Pallone, D-N.J., and House Commerce Trade Subcommittee ranking member Jan Schakowsky, D-Ill., also urged FTC action on IoT device cybersecurity (see 1611030037). Congressional attention on IoT security has increased since the late October distributed denial-of-service attacks against DynDNS. The attacks caused outages and latency for multiple major U.S. websites (see 1610210056). "While unprecedented, this episode was hardly unpredictable and could just be a preview of what’s to come if aggressive action is not taken to secure Internet connected devices," Blumenthal said in a Thursday letter to FTC Chairwoman Edith Ramirez. "Too many IoT devices today remain shockingly deficient in basic security standards, making it far too easy for this kind of distributed denial-of-service attack to occur." Blumenthal said the FTC should scrutinize "companies that don’t prompt users to immediately change passwords, use obvious default passwords, or keep open risky communication ports as the default." Blumenthal asked the FTC to consider ways to improve the timely recall of IoT devices that don't meet basic cybersecurity standards, because “there is no entity that currently coordinates or incentivizes” such efforts even though connected devices “may threaten personal privacy or national security.”