After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature…
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature. The bill establishes minimum security standards for Internet of Things (IoT) devices owned or controlled by the Federal Government.
The House of Representatives passed the IoT Cybersecurity Improvement Act (H.R. 1668) in September, and the Senate approved it on November 17 by unanimous consent. President Donald Trump is expected to sign the bill.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) said in a press statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell.”
Proliferation of IoT Devices
The term “Internet of Things” (IoT) refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Essentially, any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. These devices include everyday objects, from home security systems to pacemakers which send and receive data via an Internet connection. With the growing popularity of virtual assistants like Amazon’s Alexa, internet connectivity is a growing feature on a wide range of electronic devices. The IoT technology reached 100 billion dollars in market revenue for the first time in 2017, and the figure is predicted to grow to approximately 1.6 trillion by 2025.
The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the Federal Government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices. The standards must be published within 90 days of enactment.
In developing the standards and guidelines, NIST must ensure that its efforts are consistent with its existing protocols regarding examples of possible security vulnerabilities of IoT devices; and considerations for managing the security vulnerabilities of IoT devices. It must also address the following with respect to IoT devices: (i) secure development; (ii) identity management; (iii) patching; and (iv) configuration management.
In addition to mandating NIST standards, the IoT Cybersecurity Improvement Act would also:
Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
Require any IoT devices purchased by the federal government to comply with those recommendations.
Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Key Takeaway
The Internet of Things Cybersecurity Improvement Act would only apply to federally-procured IoT devices. However, the legislation is likely to spur efforts to create a standard for the private sector as well.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Corporate Transactions: Best Practices for Successful Deals
Corporate transactions can have significant implications for a corporation and its stakeholders. For deals to be successful, companies must act strategically to maximize value and minimize risk. It is also important to fully understand the legal and financial ramifications of corporate transactions, both in the near and long term. Understanding Corporate Transactions The term “corporate […]
How to Conduct a Fair and Legal Employee Termination in 2025
Ongoing economic uncertainty is forcing many companies to make tough decisions, which includes lowering staff levels. The legal landscape on both the state and federal level also continues to evolve, especially with significant changes to the priorities of the Equal Employment Opportunity Commission (“EEOC”) under the Trump Administration. Terminating an employee is one of the […]
Admin Dissolution for Annual Report: What You Need to Know
While filing annual reports may seem like a nuisance, failing to do so can have significant ramifications. These include fines, reputational harm, and interruption of your business operations. In basic terms, “admin dissolution for annual report” means that a company is dissolved by the government. This happens because it failed to submit its annual report […]
Antitrust laws are designed to ensure that businesses compete fairly. There are three federal antitrust laws that businesses must navigate. These include the Sherman Act, the Federal Trade Commission Act, and the Clayton Act. States also have their own antitrust regimes. These may vary from federal regulations. Understanding antitrust litigation helps businesses navigate these complex […]
Dissolving Your Business: Essential Legal Steps to Protect Your Interests
If you’re considering closing your business, it’s crucial to understand that simply shutting your doors does not end your legal obligations. Unless you formally dissolve your business, it continues to exist in the eyes of the law—leaving you exposed to ongoing liabilities such as taxes, compliance violations, and potential lawsuits. Dissolving a business can seem […]
The Role of Corporate Restructuring in Mergers & Acquisitions
Contrary to what many people think, corporate restructuring isn’t all doom and gloom. Revamping a company’s organizational structure, corporate hierarchy, or operations procedures can help keep your business competitive. This is particularly true during challenging times. Corporate restructuring plays a critical role in modern business strategy. It helps companies adapt quickly to market changes. Following […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
