U.S. House Of Representatives To Continue Legislative Push To Regulate The Internet Of Things

King & Spalding

Representative Robin Kelly (D-IL), the Ranking Member of the Information Technology Subcommittee of the House Oversight and Government Reform Committee, is planning on introducing legislation to bolster cybersecurity surrounding the Internet of Things. A discussion draft of Kelly’s Internet of Things (“IoT”) Cybersecurity Improvement Act 2017 follows and seeks to build upon S. 1691, a companion measure introduced in the Senate earlier this year by Senators Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR), and Steve Daines (R-MT).

The Senate IoT bill “would require that devices purchased by the US government meet certain minimum security requirements.”  Perhaps most importantly, “vendors who supply the US government with IoT devices would have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, and are free of known security vulnerabilities, among other basic requirements.”  The legislation also proposes to:

  • Direct the Office of Management and Budget to develop alternative network-level security requirements for devices with limited data processing and software functionality;
  • Direct the Department of Homeland Security’s National Protection and Programs Directorate to issue guidelines regarding cybersecurity coordinated vulnerability disclosure policies to be required by contractors providing connected devices to the U.S. Government; and
  • Require each executive agency to inventory all Internet-connected devices in use by the agency.

According to Senator Warner, “This legislation would establish thorough, yet flexible, guidelines for Federal Government procurements of connected devices. My hope is that this legislation will remedy the obvious market failure that has occurred and encourage device manufacturers to compete on the security of their products.”

Representative Kelly’s bill aims to closely track S. 1691, but will include additional provisions to, for example, create an Emerging Technologies Advisory Board. This Board is to include representatives from the National Institute of Standards and Technology, the Department of Homeland Security, the General Services Administration, the National Telecommunications and Information Administration, the Federal Communications Commission, the Federal Trade Commission, and the Attorney General’s office. Representative Kelly’s bill also lays the groundwork for “guidelines regarding the coordinated disclosure of security vulnerabilities and defects.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.