A bill to require all federal government devices belonging to the “Internet of Things” to meet minimum security requirements passed the U.S. House of Representatives on Monday.
U.S. Sen. Cory Gardner is the co-sponsor of the companion bill in the Senate, the Internet of Things Cybersecurity Improvement Act. In a statement, Gardner said that “[m]ost experts expect tens of billions of devices operating on our networks within the next several years as the Internet of Things (IoT) landscape continues to expand. We need to make sure these devices are secure from malicious cyber-attacks as they continue to transform our society and add countless new entry points into our networks, particularly when they are integrated into the federal government’s networks.”
IoT refers to Internet-connected devices and sensors that allow for data to be sent and received. Such technology also has the potential to be a weak point in a system’s overall security. Robert P. Ashley Jr., until recently the director of the Defense Intelligence Agency, testified that mobile devices and the IoT were “the most important emerging cyberthreats to our national security.”
The legislation as passed by the House would direct the Office of Management and Budget to review federal information security policies for compliance with recommended standards, require contractors supplying IoT devices to adopt disclosure policies for vulnerabilities, and prohibit the procurement of devices that do not meet security requirements.
The Senate has yet to act on the bill.