The bill is designed to address security vulnerabilities IoT adoption has created.
Illinois Congresswoman Robin Kelly announced she plans to introduce legislation to address security for government IoT devices. The bill would mandate that basic security standards be baked into all government purchased IoT devices. Congresswoman Kelly, the ranking member of the IT subcommittee, began discussing a draft of the bill in August 2017. Since then she has received extensive feedback from advocates, lawmakers, and government agencies and worked to incorporate much of it into the final bill.
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Congresswoman Robin Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
Congresswoman Kelly’s legislation has similarities to the Senate’s Internet of Things Cybersecurity Improvement Act. They differ in how they define what an IoT device is and the Senate bill gives agency CIO’s stronger waiver powers.
Academics and industry leaders have expressed their support for the bill:
“This bill makes important progress on one of the most pressing cybersecurity threats of our time. It leverages federal purchasing power to create pro-security market pressure and, equally important, serves as a model for the implementation of similar standards elsewhere,” said Jonathan Zittrain, Professor of Law and Professor of Computer Science, Harvard University. “The bill commits to engaging with academic and private-sector security experts to help craft specific agency guidelines. Casting a wide net during the advisory phase will both yield better policy and, if done fully, meaningfully enfranchise non-governmental partners.”