The ROUTERS Act, now in the hands of the Senate, could bring about a massive study into the security posture of the nation’s routers. Meanwhile, some, like CISO John Terrill, question whether its scope is too narrow.
According to the language of the bill, the proposed legislation would “conduct a study of the national security risks posed by consumer routers, modems, and devices that combine a modem and router, and for other purposes.” As Terrill tells MES Computing, security issues aren’t exclusive to Wi-Fi devices but also smart fridges, printers, door controllers and other IoT devices.
“Our customer base [falls] into two groups. One, [is] device forward … manufacturing, oil and gas, pharmaceutical.”
“But that second bucket, I think, is the one where people aren’t thinking about this enough, and that’s media, it’s tech, it’s financial services, it’s law firms, where we send everybody home for a pandemic, and then you just kind of assume, well, if the devices that were in the office, you know, if we didn’t need the office, then we don’t need the device, right? And that’s not true. When you go back in the office, the general counsel still uses their printer, the CEO still has a phone … the board is still going to sit in a boardroom with a bunch of conferencing equipment …. there are still door controllers for getting into the office and cameras that are watching that are looking out on the floor, there’s still that stuff there. In fact, the numbers that we see with customers is roughly three to five times the number of IoT devices as you have people.”
Read the full article at MES Computing, which also discusses criticisms toward specific device manufacturers not named in the bill.