Well, we’re seeing the first major step being taken to establish some sort of security standard for IoT devices. On August 1st, a group of senators introduced a bill entitled the Internet of Things Cybersecurity Improvement Act of 2017. The bill would require that all IoT devices sold to the United States government must meet three criteria. They must be patchable, not contain any known security vulnerabilities and permit users to change their default passwords. The bill utilizes much of the thinking employed by the National Institute of Standards and Technology (NIST). NIST is a government agency that develops standards for different technologies. While this bill only applies to government purchases, the standards adopted by vendors for these devices could translate automatically for application in the private sector.
Last October, millions of internet-connected devices infected by Mirai malware—including many closed-circuit cameras and DVRs—bombarded internet company Dyn with traffic, causing a denial-of-service attack so massive it led to widespread outages and congestion online.