Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

‘Internet of things’ bill introduced in Congress

Reprints
Internet of things

Bipartisan legislation intended to improve the cybersecurity of “internet of things” devices was introduced Monday in Congress.

The Internet of Things (IoT) Cybersecurity Improvement Act of 2019 would require devices purchased by the U.S. government to meet certain minimum requirements, according to a statement issued by co-sponsor Sen. Mark R. Warner, D-Va.

The bill’s other sponsors are Sens. Cory Gardner, R-Colo., and Maggie Hassan, D-Mont.; and Reps. Robin Kelly, D-Ill., and Will Hurd, R-Texas.

S. 734 has been referred to the Senate Homeland Security and Government Affairs Committee.

Sen. Warner said in a statement, “While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security.”

Sen. Warner said, “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”

Observers note that previous versions of this legislation that were introduced in 2017 and 2018 have failed.

Under provisions of the bill, according to the statement:

  • The National Institute of Standards and Technology must issue recommendations addressing, at a minimum, secure development, identity management, patching and configuration management for internet of things devices.
     
  • The Office of Management and Budget must issue guidelines for each agency that are consistent with the NIST recommendations, and OMB would be charged with reviewing these policies at least every five years.
     
  • Any internet-connected devices purchased by the federal government must comply with those recommendations.
     
  • NIST must work with cybersecurity researchers and industry experts to publish guidance on coordinated vulnerability discloser to ensure vulnerabilities related to agency devices are addressed.
     
  • Contractors and vendors that provide IoT devices to the U.S. government must adopt coordinated vulnerability disclosure polices, so if a vulnerability is uncovered, the information is disseminated.
     

The statement said internet-connected devices are expected to total more than 20 billion by 2020.

A report issued last year by U.S.-based research firm Ponemon Institute LLC and the Shared Assessments Program found that 97% of risk professionals believe businesses could face a significant cyberattack due to unsecured Internet-of-things devices. 

 

 

 

 

Read Next

  • Businesses could face cyber attacks due to unsecured IoT devices: Report

    A report by U.S.-based research firm Ponemon Institute L.L.C. and the Shared Assessments Program found that 97% of risk professionals believe businesses could face a significant cyber attack due to unsecured Internet-of-things devices, Gigabit reported. The report found that the number of IoT devices in the workplace is expected to increase 56% to 24,762 this year from 15,874 in 2017. A report by U.S.-based research firm Gartner Inc. found that 20% of organizations experienced one or more IoT hacks within the past three years.