The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.
First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president.
The bipartisan legislation is backed by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). There are also several major cybersecurity and tech companies that support the bill, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable.
“The House passage of this legislation is a major accomplishment in combatting the threats that insecure IoT devices pose to our individual and national security. Frankly, manufacturers today just don’t have the appropriate market incentives to properly secure the devices they make and sell – that’s why this legislation is so important,” Warner said after the bill passed the House.
“I commend Congresswoman Kelly and Congressman Hurd for their efforts to push this legislation forward over the past two years. I look forward to continuing to work to get this bipartisan, bicameral bill across the finish line in the Senate,” he added.
If it becomes law, the IoT Cybersecurity Improvement Act will require NIST to issue standards and guidelines for secure development, patching, identity management, and configuration management for IoT products. All IoT devices acquired by the federal government will have to comply with these recommendations.
NIST will also have to work with researchers, industry experts and the DHS to issue guidance on the coordinated disclosure of vulnerabilities found in IoT devices, and contractors and vendors working with the U.S. government will have to adopt vulnerability disclosure policies.
“Most experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand. We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks, particularly when they are integrated into the federal government’s networks,” said Sen. Gardner. “I applaud the House of Representatives for passing this bipartisan, commonsense legislation to ensure the federal government leads by example and purchases devices that meet basic requirements to prevent hackers from accessing government systems.”
Related: Vulnerability in Thales Product Could Expose Millions of IoT Devices to Attacks
Related: Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight
Related: IoT Devices at Major Manufacturers Infected With Malware via Supply Chain Attack