This week the U.S. House of Representatives passed the IoT Cybersecurity Reform Act , a law that seeks to enhance IoT system stability.
The IoT Cybersecurity Improvement Act was first introduced in 2017 and reintroduced in 2019, and will now have to pass the Senate before the president can sign it into law.
Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.) support the bipartisan initiative, and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). Several major cybersecurity and tech firms are also supporting the bill, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable.
“The House passage of this legislation is a major accomplishment in combatting the threats that insecure IoT devices pose to our individual and national security. Frankly, manufacturers today just don’t have the appropriate market incentives to properly secure the devices they make and sell – that’s why this legislation is so important,” Warner said after the bill passed the House.
“I commend Congresswoman Kelly and Congressman Hurd for their efforts to push this legislation forward over the past two years. I look forward to continuing to work to get this bipartisan, bicameral bill across the finish line in the Senate,” he added.
If it becomes law, the IoT Cybersecurity Improvement Act will require NIST to issue standards and guidelines for secure development, patching, identity management, and configuration management for IoT products. All IoT devices acquired by the federal government will have to comply with these recommendations.
NIST will also have to work with researchers, industry experts and the DHS to issue guidance on the coordinated disclosure of vulnerabilities found in IoT devices, and contractors and vendors working with the U.S. government will have to adopt vulnerability disclosure policies.
“Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand. We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks, particularly when they are integrated into the federal government’s networks,” said Sen. Gardner. “I applaud the House of Representatives for passing this bipartisan, commonsense legislation to ensure the federal government leads by example and purchases devices that meet basic requirements to prevent hackers from accessing government systems.”