Recently, the IoT Cybersecurity Improvement Act bill was proposed. The act will require federal procurement and IoT devices to embed basic security standards. The bill has appeared in several forms since 2017, and its most recent incarnation was introduced in March 2019 by Sen. Cory Gardner (R-Colo.), co-chair of the Senate Cybersecurity Caucus with Mark Warner (D-Va.), and in the House by Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas).
According to Senator Warner, “While more and more products and even house appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to the individual and national security.”
What the Cyber-Security Bill Contains
The IoT cybersecurity bill consists of several different changes to federal guidelines. Primarily, it mandates that NIST (National Institute of Standards and Technology) issue standard guidelines for existing devices procured by the federal government. Moreover, these changes will apply to federal civilian agencies like Management and Budget.
Furthermore, federal agencies will also be required to implement a vulnerability-disclosure policy for IoT devices. The future procurement of federal IoT devices must follow these guidelines. The enactment of the bill is not a surprise, as cybersecurity is an ongoing concern for many governments globally. ENISA, the European Union Agency for Network and Information Security, has already published detailed guidelines for IoT devices.
Strengthening the Network
Cybersecurity experts believe this new bill will strengthen the commitment to national security. The new set of guidelines will align and streamline the key goals of cybersecurity.
It was also suggested that there will be tens of billions of IoT devices in use soon. These devices will likely vary from kitchen appliances to national monitoring systems. Hence, they pose a tremendous threat to individuals as well as to national security.
When the bill is signed into law, it will mandate the National Institute of Standards and Technology to issue recommendations for secure development, configuration management, and patching of IoT devices.
The bill will also see great involvement from Homeland Security and outside experts in the coming years. These agencies and experts will also be requested to publish guidelines on vulnerability disclosure and remediation of federal information systems.