Congress Sends IoT Cybersecurity Measure to President Trump’s Desk

Akin Gump Strauss Hauer & Feld LLP

[co-author: Taylor Daly]

On Tuesday, November 17, the Senate passed H.R. 1668, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, by unanimous consent. The bill, which previously passed the House of Representatives in September after being introduced by Reps. Robin Kelly (D-IL) and Will Hurd (R-TX), would require the National Institute of Standards and Technology (NIST) to develop standards and guidelines for the federal government on “the appropriate use and management by agencies of [IoT] devices owned or controlled by an agency and connected to information systems owned or controlled by an agency” within 90 days of enactment. While an identical measure, S. 734, was introduced in the Senate by Sens. Mark Warner (D-VA) and Cory Gardner (R-CO), the Senate ended up taking up the House bill.

These standards include “minimum information security requirements for managing cybersecurity risks associated with [IoT] devices.” The bill also directs NIST to consider relevant standards and best practices developed by the private sector, agencies and public-private partnerships. The IoT Cybersecurity Improvement Act also requires, no later than 180 days after enactment, that NIST to develop guidelines for reporting and publishing cybersecurity vulnerabilities in IoT devices owned or controlled by federal agencies and contractors.

While lawmakers have recognized the benefits of connected devices, many have expressed concerns about IoT device security. As a result, state lawmakers have also recently begun to take action to regulate the devices. In 2018, California Gov. Jerry Brown signed SB-327 into law, making California the first state to enact legislation regulating the security of IoT devices. Oregon quickly followed suit, and Gov. Kate Brown signed Bill 2395 into law in May 2019. Both measures came into force in January 2020 and require safeguards to defend against “unauthorized access, destruction, use, modification or disclosure” of information.

The bipartisan IoT Cybersecurity Improvement Act now awaits President Trump’s signature. Should the bill be signed into law, its final impact remains unknown as the scope of NIST’s related guidelines have yet to be determined.

We will continue to monitor for any legislative or regulatory updates pertaining to the use of IoT devices by the federal government.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.