IoT Cybersecurity Improvement Act Calls for Deployment Standards
The News: A proposed federal bill seeks to develop security standards for all government-purchased internet-connected devices. The IoT Cybersecurity Improvement Act of 2019, co-sponsored by Reps. Robin Kelly (D-Ill) and Will Hurd (R-Texas), would require the National Institute of Standards and Technology (NIST), to issue guidelines for the secure development, configuration, and management of IoT devices. It would also require the federal government to comply with these guidelines. Read the full story at SearchSecurity.
Analyst Take: If the Internet of Things (IoT) has ever made you nervous about possible security issues, that’s good—that means you’re paying attention. We’ve been writing and speaking about the need for a security-first mindset in the development of all things IoT-device related for a long time now, so this proposed bill definitely got my attention.
What is the IoT Cybersecurity Improvement Act of 2019?
The main focus of the IoT Cybersecurity Improvement Act of 2019 is creating a set of security standards that all internet-ready devices purchased by the government would have to adhere to. Granted, this proposed bill is only meant to affect devices used by government officials right now, but it’s possible it could lead to standards that might eventually extend to all devices in the future. I’ll remain cautiously hopeful on that front.
Since the bill’s introduction last March, its co-sponsors and the bill’s proponents alike have expressed concerns about how quickly IoT-operated devices are brought to the market, often too fast to fully vet them to ensure there are no security issues. Obviously, this is a big issue for government officials, but many citizens also worry about it when using their own personal devices.
What’s the Status?
Both the House and Senate bills have been voted on and are one step closer to becoming reality. The House bill needs approval by one additional committee before heading to the House Floor, and the Senate bill has cleared and could be close to receiving a final vote on the Senate Floor. Jen Ellis over at Rapid7 has done an amazingly thorough job of analyzing these bills, their respective markups and progress through the House and Senate. If this is of interest to you, I highly recommend you check out her article.
This is a bill our team will watch closely, as cybersecurity understandably remains a top concern for businesses of all sizes across all industries. The Internet of Things, and IoT-connected devices present great opportunities for innovation and advancement, but there are inherent security risks that are part of the equation as well. If a bill of this nature ends up becoming law, this could easily reach beyond the federal government and impact IoT security into the private sector as well as, of course, the development of consumer devices. And that? That’s a very good thing.
Image credit: Skeeze from Pixabay
More Analysis from Futurum Research:
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice
Latest posts by Shelly Kramer (see all)
- Microsoft’s ElectionGuard Software Could Have Far-Reaching Impact - February 19, 2020
- Cloud Wars:Amazon Scores as Judge Blocks Microsoft’s JEDI Cloud Contract Award - February 13, 2020
- Epic Systems Moves Away From Google Cloud Citing Security Concerns — The Healthcare Industry Should Take Note - January 25, 2020