The Internet of Things Cybersecurity Improvement Act of 2019 is sponsored by Senator Mark R. Warner and is designed to make sure the government buys secure devices.
Currently, there are no federal IoT security standards in place, and with IoT devices still largely guilty of shoddy security, that can be a real problem.
The US Congress is hoping to change that with the reintroduction of the Internet of Things Cybersecurity Improvement Act of 2019. First introduced in 2017 and sponsored by Sen. Mark Warner (D-Virginia), the bill is designed to help ensure the federal government buys secure IoT devices.
“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” Sen. Warner said in a statement.
Members of the US Senate and US House of Representatives have reintroduced the bill, hoping to bring standards to IoT technology. Lt. General Robert Ashley, director
“Clearly there is an emerging threat created by having all of this stuff connected to the internet, which makes it vulnerable to cyberattacks [and] which can be directed to the device as a target or employ the device to attack others,” Steve Bunnell, former general counsel for the U.S. Department of Homeland Security (DHS) and data security and privacy practice chair of D.C.-based law firm O’Melveny noted in a recent interview with PYMNTS. “A lot of the devices we’re talking about have no security. They weren’t built with security in mind, and there really isn’t any way to patch them.”
The bill’s goal is that improving security standards for federal government will lead to an improvement in standards for the entire IoT market. If passed it would require the National Institute of Standards and Technology to recommend security standards for the federal government and would review those standards every five years. It would also require vendors who sell to the government to have a vulnerability disclosure policy in place.