U.S. Senate Votes to Approve the IoT Cybersecurity Improvement Act


Saturday, November 21st, 2020 | ,

The Internet of Things Cybersecurity Improvement Act of 2020, which was unanimously passed by the U.S. House of Representatives in September, was passed by the U.S. Senate earlier this week and is now heading to the president’s desk to be signed into law. Security experts praised the bill’s alignment with existing standards and best practices, as well as its attempt to secure the robust number of IoT devices.

Rapid7’s director of Public Policy, Harley Geiger, said in a recent post:

“Through the Act, the federal government can lead by example in implementing basic IoT security standards and best practices for devices it buys and manages, and drive contractors’ adoption of standards-based coordinated vulnerability disclosure processes.”

The IoT Cybersecurity Improvement Act has several different parts. In the first, it mandates that NIST must issue standards-based guidelines for the minimum security of IoT devices that are owned by the federal government. The Office of Management and Budget (OMB) must also implement requirements for federal civilian agencies to have information-security policies that are consistent with the new NIST guidelines. Under the law, federal agencies must also implement a vulnerability-disclosure policy for IoT devices, and they cannot procure devices that don’t meet the security guidelines.

Rapid7’s Geiger said that he hopes the bill signals strengthened commitment from the U.S. federal government to work on IoT security.

“While we support strong IoT security, we believe it is best implemented in a coordinated manner, avoiding a patchwork between U.S. states or internationally. This will take sustained engagement from both the public and private sectors, but the passage of the IoT Cybersecurity Improvement Act and the lessons to be learned in its implementation will be invaluable to this process.”


Sources:

Share this: