Internet of Things (IoT) Cybersecurity Bill Approved by Congress: What Does the Future Hold for Industry Actors?
President Donald Trump is expected to sign a comprehensive bill, passed unanimously by the Republican-controlled Senate, which aims to establish uniform cybersecurity standards for companies operating in the federal market for Internet of Things (IoT) devices.
The bill would take effect this week if the president signs rather than vetoes it. The legislation, introduced in 2017 by Senators Cory Gardner (R-CO) and Mark Warner (D-VA), co-founders of the Senate Cybersecurity Caucus, is a significant step towards addressing the vulnerabilities of IoT devices that were exposed during the 2016 Mirai botnet attacks, which led to massive disruptions of internet service in the U.S.
The federal bill calls for the National Institute of Standards and Technology (NIST) to issue recommendations on secure development, identity management, patching, and configuration of IoT devices. NIST will work closely with the Department of Homeland Security and industry experts on guidelines for vulnerability disclosure.
Contractors and vendors providing information systems to the federal government would be required to create coordinated vulnerability disclosure policies. The Office of Management and Budget would set guidelines for each agency consistent with the NIST recommendations.
Established and mature companies often take their products to third-party certification labs for penetration testing and reviews of various design, manufacturing, and life cycle processes. Some companies may create separate SKUs for devices intended to comply with the new federal regulations, offering higher-priced, more secure versions and maintaining less secure, lower-cost options for non-government business.
The bill aims to impact the broader enterprise and consumer markets for IoT devices, similar to how EnergyStar ratings impact energy efficiency standards. The large system integrators already in the federal space are likely to be the first to comply with the new standards, pushing them down the supply chain.
IoT technology has been widely used in major industries for decades, including building control systems, power generation facilities, warehouse management systems, and healthcare. More recently, IoT technology has been used to develop automated thermostats, connected vehicles, and home security devices.
Sen. Mark Warner, D-VA, stated that the bill will help establish minimum security standards for IoT devices due to the lack of safeguards and protections in many current IoT products. The bill is expected to drive the private sector to harmonise standards in a way similar to the use of green building technologies.
Botnets have been targeting low-hanging fruit, such as consumer IoT devices, and exploiting weak security features to misuse IoT devices and send large volumes of data to various internet sites and services. The new legislation is a significant step towards addressing these vulnerabilities and improving the overall security of IoT devices.
California and Oregon have also passed state bills requiring IoT manufacturers to meet minimum security standards on devices sold in those states, effective from the beginning of 2020.