The Senate, on November 17, 2020, approved the Internet of Things Cybersecurity Improvement Act (H.R. 1668) by unanimous consent and sent it to the White House for President’s signature. The bill, which was first introduced in 2017 and reintroduced in 2019, passed the U.S. House of Representatives in September 2020 by voice vote.
The new IoT legislation, which is backed by Reps. Will Hurd (R-Tex.), Robin Kelly (D-Ill.), Sens. Mark Warner (D-Va.), and Cory Gardner (R-Colo), mandates the U.S. National Institute of Standards and Technology (NIST) to create recommendations to address cybersecurity issues and release guidelines for government agencies that align with the NIST recommendations.
The IoT Cybersecurity Improvement Act also directs NIST to work with cybersecurity researchers and industry experts to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed. As per the new legislation, the federal agencies should only acquire IoT devices that meet NIST’s recommendations.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security. The legislation will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell. I urge the President to sign this bill into law without delay,” Sen. Warner said in a media statement.
“Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand. We need to make sure these devices are secure from malicious cyberattacks as they continue to transform our society and add countless new entry points into our networks, particularly when they are integrated into the federal government’s networks,” Sen. Gardner commented.