The bill is designed to address security vulnerabilities IoT adoption has created.
Illinois Congresswoman Robin Kelly plans to introduce legislation to address security for government IoT devices. The bill would mandate that all government purchased IoT devices include basic security standards. Congresswoman Kelly, ranking member of the IT subcommittee, began discussing a draft of the bill in August 2017. Since then she has received and worked to incorporate extensive feedback from advocates, lawmakers, and government agencies into the final bill.
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” says Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
Kelly’s legislation has similarities to the Senate’s Internet of Things Cybersecurity Improvement Act. They differ in how they define what an IoT devices, and the Senate bill gives agency CIO’s stronger waiver powers.
Support from Academics and Industry Leaders
“This bill makes important progress on one of the most pressing cybersecurity threats of our time. It leverages federal purchasing power to create pro-security market pressure and, equally important, serves as a model for the implementation of similar standards elsewhere,” said Jonathan Zittrain, Professor of Law and Professor of Computer Science, Harvard University. “The bill commits to engaging with academic and private-sector security experts to help craft specific agency guidelines. Casting a wide net during the advisory phase will both yield better policy and, if done fully, meaningfully enfranchise non-governmental partners.”