Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

IoT Cybersecurity Improvement Act Passes Senate

The IoT Cybersecurity Improvement Act, a bill that aims to improve the security of Internet of Things (IoT) devices, passed the Senate on Tuesday and is heading to the White House for the president’s signature.

The IoT Cybersecurity Improvement Act, a bill that aims to improve the security of Internet of Things (IoT) devices, passed the Senate on Tuesday and is heading to the White House for the president’s signature.

The bill was first introduced in 2017 and it was reintroduced in 2019, passing the U.S. House of Representatives in September 2020.

Backers of the legislation include Reps. Will Hurd (R-Tex.) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). The bill is also backed by several major cybersecurity and tech companies, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable.

IoT Cybersecurity Improvement Act has passed the Senate

“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sen. Warner said in a statement emailed to SecurityWeek. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell. I urge the President to sign this bill into law without delay.”

Sen. Gardner commented, “I applaud the Senate for passing our bipartisan and bicameral legislation to ensure the federal government leads by example and purchases devices that meet basic requirements to prevent hackers from accessing government systems.”

He added, “Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand. We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks, particularly when they are integrated into the federal government’s networks.”

The IoT Cybersecurity Improvement Act requires NIST to issue guidelines and standards for the development, patching, and identity and configuration management of IoT devices. The law also states that government organizations can only acquire IoT devices that meet NIST’s recommendations.

The bill also focuses on making it easier to report and patch vulnerabilities found in IoT devices.

Advertisement. Scroll to continue reading.

Related: Vulnerability in Thales Product Could Expose Millions of IoT Devices to Attacks

Related: Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight

Related: IoT Devices at Major Manufacturers Infected With Malware via Supply Chain Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.