IoT Security Bill Reintroduced in House and Senate

Internet of Things IoT Data Architecture diagram

A bipartisan group of senators and House members reintroduced the IoT Cybersecurity Improvement Act in both chambers, which would require Federal agencies to follow guidelines developed by the National Institute of Standards and Technology’s (NIST’s) on security for Internet of Things (IoT) devices.

The bill, which was initially proposed in 2017, would require NIST to develop recommended standards for IoT devices and would task the Office of Management and Budget (OMB) with issuing guidance to agencies that aligns with NIST’s requirements. It would also require NIST to offer guidance on vulnerability disclosure, and report on IoT cybersecurity threats.

The bill was first introduced in the Senate in August 2017 by Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., and introduced in the House in December 2018 by Rep. Robin Kelly, D-Ill. All return as cosponsors on the 2019 version of the bill, and are joined by Sens. Maggie Hassan, D-N.H., Steve Daines, R-Mont., and Rep. Will Hurd, R-Texas.

“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure,” said Kelly.

The bill also boasts significant support from industry. BSA, Cloudflare, CTIA, Mozilla, Symantec, and Tenable all endorsed the bill, according to the joint press release from the members of Congress.

“As these devices continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure, particularly when they are integrated into the federal government’s networks,” said Gardner.

Recent