How feasible is the ROUTERS Act?

Following the state of geopolitical conflicts and recent displays of weaponized technology, IoT security has become a top-of-mind topic for members of Congress. Fast-tracked with unanimous bipartisan support in the House, the Removing Our Unsecure Technologies to Ensure Reliability and Security Act (ROUTERS Act) proposes conducting an exhaustive nationwide study on the integrity, security, and vulnerability of devices and networks that connect Americans, industries, and local governments.

But just how feasible is it to inventory and assess modems, routers, networks, IoT, and related connectivity hardware and software within the Congress-requested one-year time span?

Technopedia asks John Terrill, Phosphorus CISO, how the Act’s goals could be accomplished and what role automation plays.

“They’ll engage a lot of different agencies, vendors, etc., to get a lay of the land. The difference is they’ll find that the consumer landscape for vendors-devices is far greater and much more chaotic than a commercial entity like suppliers of a shipping port.”

Terrill goes on to say that some while automation could play a role, this “falls into the field of vulnerability research for external entities, auditors, consultancies, and product-application security for the router vendors.”

Vendors may proactively attempt to identify vulnerabilities, and many of them will release updated firmware when those vulnerabilities are reported.

The ubiquity of routers adds to the need for action, as they operate at crucial places to establish traffic between the public Internet and local networks. Terrill says, “Being able to compromise them can give attackers a route into networks, bypassing firewalls and NAT.”

You can read the rest of the article at Technopedia, which provides more details on the ROUTERS Act, examples of destructive attacks targeting routers, and other perspectives.