The House has passed bipartisan legislation introduced by Reps. Will Hurd, R-Texas and two-time Wash100 Award recipient, and Robin Kelly, D-Ill., that seeks to fortify the security posture of U.S. internet of things (IoT) networks.
Hurd’s office said Monday the 2020 IoT Cybersecurity Improvement Act awaits Senate approval and requires all government-owned IoT devices to undergo vetting procedures to ensure supply-chain accountability as well as compliance with federal security requirements.
The legislation would also direct the National Institute of Standards and Technology (NIST) to establish criteria for IoT device management and the Office of Management and Budget (OMB) to assess current information security guidelines.
In addition, agencies would be banned from procuring devices that do not meet NIST and OMB’s standards while contractors are subject to “coordinated vulnerability disclosure” requirements.
“The [IoT] grows every single day, and, by the end of next year, it will include more than 20 billion devices,” according to Hurd. “America needs to keep up with this incredible trend, and that means ensuring proper security and protections—the IoT Cybersecurity Improvement Act is a step in that direction.”
NIST and OMB must modify IoT security guidelines and policies every five years under the legislation.