The House passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 yesterday and as it moves to the other chamber with support from bipartisan senators, leaders of the IoT cyber legislation are looking ahead to what this legislation could mean for IoT manufacturers and American privacy.
“The reason that we work so well together is that we share a common goal: protecting America and Americans from cyberattacks,” Rep. Robin Kelly, D-Ill., said today of the partnership between herself, Rep. Will Hurd, R-Texas, and Sens. Mark Warner, D-Va., and Cory Gardner, R-Colo., on the bicameral and bipartisan legislation.
The IoT Cybersecurity Improvement Act directs the National Institute of Standards and Technology and the Office of Management and Budget to publish and review standards for IoT device security, setting a minimum security standard for all IoT devices purchased by government agencies.
“If you’re going to introduce a widget into the digital infrastructure of the Federal government, and it has a known vulnerability, you either have to patch it or have some way to address it,” Rep. Hurd explained. “It is that simple.”
Rep. Hurd continued that its primary goal is to stop unsecured devices from entering the Federal supply chain. “What we’re trying to do with our legislation is to not even get to a point where that could potentially be introduced into our networks,” he said.
Sen. Warner acknowledged that there’s work to be done to get the legislation passed in the Senate but added that this is still progress for legislation that has been three years in the making. He explained that while larger IoT vendors have been willing to add the extra security measure to their devices, there’s been pushback because “some of the low-end vendors have not wanted to take the responsibility to actually remediate known vulnerabilities.”
From the start, Sen. Warner said that his goal with the cyber IoT legislation was to be as broad as possible because he believes there should be IoT standards on the consumer side as well. “My hope is that this standard would evolve to a default industry standard,” he said.
Rep. Kelly agreed, “There was hope that the Federal standards would raise the post on all standards.” She added that as consumers have shown their concern for privacy and security, companies should be investing in IoT cybersecurity for a competitive advantage.