After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature…
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature. The bill establishes minimum security standards for Internet of Things (IoT) devices owned or controlled by the Federal Government.
The House of Representatives passed the IoT Cybersecurity Improvement Act (H.R. 1668) in September, and the Senate approved it on November 17 by unanimous consent. President Donald Trump is expected to sign the bill.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) said in a press statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell.”
Proliferation of IoT Devices
The term “Internet of Things” (IoT) refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Essentially, any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. These devices include everyday objects, from home security systems to pacemakers which send and receive data via an Internet connection. With the growing popularity of virtual assistants like Amazon’s Alexa, internet connectivity is a growing feature on a wide range of electronic devices. The IoT technology reached 100 billion dollars in market revenue for the first time in 2017, and the figure is predicted to grow to approximately 1.6 trillion by 2025.
The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the Federal Government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices. The standards must be published within 90 days of enactment.
In developing the standards and guidelines, NIST must ensure that its efforts are consistent with its existing protocols regarding examples of possible security vulnerabilities of IoT devices; and considerations for managing the security vulnerabilities of IoT devices. It must also address the following with respect to IoT devices: (i) secure development; (ii) identity management; (iii) patching; and (iv) configuration management.
In addition to mandating NIST standards, the IoT Cybersecurity Improvement Act would also:
Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
Require any IoT devices purchased by the federal government to comply with those recommendations.
Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Key Takeaway
The Internet of Things Cybersecurity Improvement Act would only apply to federally-procured IoT devices. However, the legislation is likely to spur efforts to create a standard for the private sector as well.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Is Federal IoT Security Legislation a Sign of What’s Next?
Author: Scarinci Hollenbeck, LLC
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature…
After receiving rare bipartisan support, the Internet of Things Cybersecurity Improvement Act is headed to President Donald Trump for signature. The bill establishes minimum security standards for Internet of Things (IoT) devices owned or controlled by the Federal Government.
The House of Representatives passed the IoT Cybersecurity Improvement Act (H.R. 1668) in September, and the Senate approved it on November 17 by unanimous consent. President Donald Trump is expected to sign the bill.
“While more and more products and even household appliances today have software functionality and internet connectivity, too few incorporate even basic safeguards and protections, posing a real risk to individual and national security,” Sens. Mark R. Warner (D-VA) and Cory Gardner (R-CO) said in a press statement. “I’m proud that Congress was able to come together today to pass this legislation, which will harness the purchasing power of the federal government and incentivize companies to finally secure the devices they create and sell.”
Proliferation of IoT Devices
The term “Internet of Things” (IoT) refers to the billions of physical devices around the world that are now connected to the internet, all collecting and sharing data. Essentially, any physical object can be transformed into an IoT device if it can be connected to the Internet to be controlled or communicate information. These devices include everyday objects, from home security systems to pacemakers which send and receive data via an Internet connection. With the growing popularity of virtual assistants like Amazon’s Alexa, internet connectivity is a growing feature on a wide range of electronic devices. The IoT technology reached 100 billion dollars in market revenue for the first time in 2017, and the figure is predicted to grow to approximately 1.6 trillion by 2025.
The IoT Cybersecurity Improvement Act would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the Federal Government on the appropriate use and management by agencies of IoT devices owned or controlled by an agency and connected to information systems owned or controlled by an agency, including minimum information security requirements for managing cybersecurity risks associated with such devices. The standards must be published within 90 days of enactment.
In developing the standards and guidelines, NIST must ensure that its efforts are consistent with its existing protocols regarding examples of possible security vulnerabilities of IoT devices; and considerations for managing the security vulnerabilities of IoT devices. It must also address the following with respect to IoT devices: (i) secure development; (ii) identity management; (iii) patching; and (iv) configuration management.
In addition to mandating NIST standards, the IoT Cybersecurity Improvement Act would also:
Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
Require any IoT devices purchased by the federal government to comply with those recommendations.
Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems.
Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Key Takeaway
The Internet of Things Cybersecurity Improvement Act would only apply to federally-procured IoT devices. However, the legislation is likely to spur efforts to create a standard for the private sector as well.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
