Recently, the IoT Cybersecurity Improvement Act bill was proposed. The act will require federal procurement, and IoT devices to embed basic security standards. This bill has been manifested several times since 2017 and the recent incarnation of the bill was introduced in March 2019 by Sen. Cory Gardner (R-Colo.), co-chair of the Senate Cybersecurity Caucus with Mark Warner (D-Va.), and in the House by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas).
According to Senator Warner, “While more and more products and even house appliances today have software functionality, and internet connectivity, too few incorporate even basic safeguards, and protections, posing a real risk to the individual and national security.”
Cyber-Security Bill Constitutes
The IoT cybersecurity bill consists of several different changes to federal guidelines. Primarily, it mandates that NIST (National Institute of Standards, and Technology) issue standard guidelines for existing devices procured by the federal government. Moreover, these changes will apply to federal civilian agencies like Management and Budget.
Furthermore, federal agencies will also be required to implement a vulnerability-disclosure policy for IoT devices. The future procurement of federal IoT devices must follow these guidelines. The enactment of the bill is not a surprise as cybersecurity is an on-going concern for many governments globally. The ENISA or the European Union Agency for Network and Information Security has already published detailed guidelines for IoT devices.
Click Here to Read More: Basic Cyber Requirements Becomes Mandatory for IoT Devices