Congress Reintroduces IoT Security Bill


The Internet of Things Cybersecurity Improvement Act of 2019 is sponsored by Senator Mark R. Warner and is designed to make sure the government buys secure devices.

Currently, there are no federal IoT security standards in place, and with IoT devices still largely guilty of shoddy security, that can be a real problem.

The US Congress is hoping to change that with the reintroduction of the Internet of Things Cybersecurity Improvement Act of 2019. First introduced in 2017 and sponsored by Sen. Mark Warner (D-Virginia), the bill is designed to help ensure the federal government buys secure IoT devices.

“While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security,” Sen. Warner said in a statement.

Members of the US Senate and US House of Representatives have reintroduced the bill, hoping to bring standards to IoT technology. Lt. General Robert Ashley, director of  the Defense Intelligence Agency, told Senate lawmakers last year that IoT devices were one of the largest cyberthreats to US national security. As of now, it’s up to manufacturers to decide how secure to make their devices and many still do the only bare minimum or worse. Lawmakers hope this bill will fix that by imposing security standards on any IoT devices the federal government uses.

See also: IoT security bill makes it to Congress

“Clearly there is an emerging threat created by having all of this stuff connected to the internet, which makes it vulnerable to cyberattacks [and] which can be directed to the device as a target or employ the device to attack others,” Steve Bunnell, former general counsel for the U.S. Department of Homeland Security (DHS) and data security and privacy practice chair of D.C.-based law firm O’Melveny noted in a recent interview with PYMNTS. “A lot of the devices we’re talking about have no security. They weren’t built with security in mind, and there really isn’t any way to patch them.”

The bill’s goal is that improving security standards for federal government will lead to an improvement in standards for the entire IoT market. If passed it would require the National Institute of Standards and Technology to recommend security standards for the federal government and would review those standards every five years. It would also require vendors who sell to the government to have a vulnerability disclosure policy in place.

Sue Walsh

About Sue Walsh

Sue Walsh is News Writer for RTInsights, and a freelance writer and social media manager living in New York City. Her specialties include tech, security and e-commerce. You can follow her on Twitter at @girlfridaygeek.

Leave a Reply