Groundbreaking IoT Legislation Close to Becoming Law - Security Boulevard

Will the IoT Cybersecurity Improvement Act be signed by the president? Most security industry experts believe the answer to that question is yes — but which president? 

The proposed legislation has bipartisan sponsorship by Reps. Will Hurd, R-Texas, and Robin Kelly, D-Ill. If it becomes law, the act will require the federal government’s use of IoT devices to conform to basic security requirements.

The issue of IoT device security has been with us for many years. Back in 2016, I wrote this blog asking “Should Insecure IoT Devices Be Banned?” One focus at that time was the Mirai botnet bringing down large portions of cyberspace, largely by infecting insecure IoT devices.

The National Institute of Standards and Technology (NIST) has been working on IoT security recommendations for several years, but following their guidance on this topic has been voluntary up to this point.  

The explosion of IoT devices globally, along with the serious risk of impact to critical infrastructure and essential networks from cyberattacks and IoT devices, has led to the urgently needed IoT Cybersecurity Improvement Act.

What Will the IoT Cybersecurity Improvement Act Do?

The recent Senate approval of the proposed legislation was greeted by wide media coverage from around the country. Here are several articles of note:

Forbes: The IoT Cybersecurity Improvement Act: Combining Tech With Policy To Address Threats

“The bill affirms the risks inherent with accelerated use of internet-connected devices and calls for cooperative efforts between government, industry and academia.

“It also establishes a hierarchy of responsibility for protecting federal agencies against cyberattacks that starts with the executive branch, ‘followed by the Office of Management and Budget [OMB], the Secretary of Homeland Security and the head of each such agency,’ while directing the OMB to oversee the creation

This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity.