Scarinci Hollenbeck, LLC, LLCScarinci Hollenbeck, LLC, LLC

Firm Insights

Bill Seeks To Establish Cybersecurity Guidelines for IoT Devices

Author: Scarinci Hollenbeck, LLC

Date: August 23, 2017

Key Contacts

Back

Bi-Partisan Bill Seeks to Establish Cybersecurity Guidelines for IoT Devices 

The U.S. Senate is currently considering the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, which would establish baseline cybersecurity standards for federal procurement of IoT devices. The bill would also allow security researchers to look for critical vulnerabilities in devices purchased by the government without fear of prosecution. 

Bill Seeks To Establish Cybersecurity Guidelines for IoT Devices
Photo courtesy of Stocksnap.io

The IoT bill has attracted co-sponsors from both sides of the aisle, including U.S. Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-OR) and Steve Daines (R-MT). The lawmakers drafted the legislation in consultation with technology and security experts from institutions such as the Berklett Cybersecurity Project of the Berkman Klein Center for Internet & Society at Harvard University.

Proliferation of IoT Devices Increases Cyber Risks

The term “Internet of Things” (IoT) refers to the ability of everyday objects, from home security systems to pacemakers, to send and receive data via an Internet connection. Research firm Gartner, Inc. predicts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016. The number of IoT devices is expected to reach 20.4 billion by 2020.

As adoption of the technology grows, so do the potential data privacy and cybersecurity risks, including unauthorized access, misuse of personal information, and personal safety concerns. According to Sen. Warner, the worldwide internet outages caused last year by devices infected with the Mirai malware highlighted the need for more robust discussions about securing IoT devices. 

“While I’m tremendously excited about the innovation and productivity that Internet-of-Things devices will unleash, I have long been concerned that too many Internet-connected devices are being sold without appropriate safeguards and protections in place,” said Sen. Warner

Provisions of Internet of Things (IoT) Cybersecurity Improvement Act of 2017

The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 broadly defines “Internet-Connected Device” to include any “physical object that—(A) is capable of connecting to and is in regular connection with the Internet; and (B) has computer processing capabilities that can collect, send, or receive data.” Among other provisions, the legislation would:

  • Require vendors of Internet-connected devices purchased by the federal government to ensure their devices are patchable, rely on industry standard protocols, do not use hard-coded passwords, and do not contain any known security vulnerabilities.
  • Direct the Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality.
  • Direct the Department of Homeland Security’s National Protection and Programs Directorate to issue guidelines regarding cybersecurity coordinated vulnerability disclosure policies to be required by contractors providing connected devices to the U.S. Government.
  • Exempt cybersecurity researchers engaging in good-faith research (often called “grey hats”) from liability under the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when engaged in research pursuant to adopted coordinated vulnerability disclosure guidelines.
  • Require each executive agency to inventory all Internet-connected devices in use by the agency.

Notably, the requirements would only apply to IoT devices sold to the federal government. However, should the measure advance, additional legislation for consumer-facing devices would likely be forthcoming.

Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work.

    No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

    Scarinci Hollenbeck, LLC, LLC

    Related Posts

    See all
    Assignment for the Benefit of Creditors: An Alternative to Bankruptcy for Distressed Businesses post image

    Assignment for the Benefit of Creditors: An Alternative to Bankruptcy for Distressed Businesses

    When a business reaches the point where it can no longer service its debts or otherwise resolve its liabilities, management is often faced with a difficult question: is a bankruptcy filing necessary or is there another way to perform an orderly liquidation or sale of the business assets? While Chapters 7 and 11 of the […]

    Author: John D. Giampolo

    Link to post with title - "Assignment for the Benefit of Creditors: An Alternative to Bankruptcy for Distressed Businesses"
    Breaking Down New Jersey’s “Mansion” Tax: What Buyers and Sellers Need to Know post image

    Breaking Down New Jersey’s “Mansion” Tax: What Buyers and Sellers Need to Know

    For many years, the New Jersey Mansion Tax has been a significant consideration in high-value real estate transactions. Recent legislative changes, however, have substantially altered how the tax operates, including who is responsible for paying it and the amount owed in certain transactions. Whether you are purchasing, selling, or investing in New Jersey real estate, […]

    Author: George McGowan

    Link to post with title - "Breaking Down New Jersey’s “Mansion” Tax: What Buyers and Sellers Need to Know"
    Estate Planning for Digital Assets Under New Jersey Law post image

    Estate Planning for Digital Assets Under New Jersey Law

    As our personal and financial lives increasingly move online, estate planning must evolve to address a new category of property: digital assets. From email accounts and social media profiles to cryptocurrency and cloud-stored business records, these assets often carry both financial and sentimental value. Yet, without proper planning, they can become inaccessible—or even lost—upon incapacity […]

    Author: Marc J. Comer

    Link to post with title - "Estate Planning for Digital Assets Under New Jersey Law"
    The Role of Representation and Warranty Insurance in M&A Transactions post image

    The Role of Representation and Warranty Insurance in M&A Transactions

    In today’s mergers and acquisitions market, representation and warranty (R&W) insurance has become a common feature of deal negotiations. Once used primarily in larger transactions, R&W insurance is now frequently incorporated into middle-market deals as buyers and sellers look for efficient ways to allocate risk and close deals. When structured properly, R&W insurance can help […]

    Author: George McGowan

    Link to post with title - "The Role of Representation and Warranty Insurance in M&A Transactions"
    You Just Received a Federal Grand Jury Subpoena in New Jersey: Now What? post image

    You Just Received a Federal Grand Jury Subpoena in New Jersey: Now What?

    Receiving a federal grand jury subpoena is not something most businesses or individuals anticipate. While it can be concerning, a federal grand jury subpoena does not necessarily mean that you are being accused of wrongdoing. It does, however, mean that a federal criminal investigation is underway and that federal prosecutors believe you may possess information […]

    Author: George McGowan

    Link to post with title - "You Just Received a Federal Grand Jury Subpoena in New Jersey: Now What?"
    Why Every Business Should Conduct an Annual Insurance Coverage Review post image

    Why Every Business Should Conduct an Annual Insurance Coverage Review

    Most New Jersey business owners purchase insurance policies, file them away, and assume they are protected if a claim arises. Without a regular insurance coverage review, many companies discover gaps only after a lawsuit, cyberattack, property loss, or other significant event occurs. An annual insurance coverage review can help businesses identify potential risks, ensure their […]

    Author: George McGowan

    Link to post with title - "Why Every Business Should Conduct an Annual Insurance Coverage Review"

    No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

    Sign up to get the latest from our attorneys!

    Explore What Matters Most to You.

    Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.

    Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.

    Let`s get in touch!

    * The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form. By providing a telephone number and submitting this form you are consenting to be contacted by SMS text message. Message & data rates may apply. Message frequency may vary. You can reply STOP to opt-out of further messaging.
    “If you would like to submit a file, please email it directly to info@sh-law.com.

    Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!