Federal Law Mandating the Creation of “Internet Of Things” Security Standards is Ready to be Signed

Troutman Pepper

Troutman Pepper

On November 17, the U.S. Senate unanimously approved the Internet of Things Cybersecurity Improvement Act (H.R. 1668). The bill had strong bipartisan support and easily passed in the U.S. House of Representatives in September. The bill now waits to be signed by President Trump.

This bill mandates the creation of baseline security standards for all federal government purchases of internet-connected devices. The National Institute of Standards and Technology (“NIST”), which has published general best practices involving “Internet of Things” (“IoT”) before, will partner with the Office of Management and Budget (“OMB”) to draft these standards. The bill also requires IoT vendors to create vulnerability disclosure policies that detail security flaws to federal officials.

Representative Robin Kelly, D-Ill., a member of the bipartisan sponsor group for the bill’s House version stated that the bill “will ensure that the U.S. government purchases secure devices and closes existing vulnerabilities to protect our national security and the personal information of American families.” Representative Kelly elaborated earlier this year on the need for the bill, stating “[w]e cannot wait as more devices are connected to government networks that could potentially become part of a botnet or an entryway for hackers.”

Internet-connected devices may include heating and cooling systems, lighting, elevators, medical devices, and potentially vehicles.

A prior version of the bill was introduced in 2017 but did not move out of the Senate. The current bill alleviates concerns raised that the prior bill was overbroad by explicitly excluding certain categories of devices, such as personal computers.

The current bill also has industry support, notably from the Software Allegiance, a trade group representing major tech companies such as Apple and Microsoft.

Troutman Pepper will provide updates on future movements regarding the Internet of Things Cybersecurity Improvement Act and other related statutes and regulations.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Troutman Pepper | Attorney Advertising

Written by:

Troutman Pepper

Troutman Pepper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.