Congress

New bill sets IoT standards for federal suppliers

Shutterstock image (by a-image): connected devices around the world. 

A just-introduced Senate bill would set new standards for government IT vendors. The Internet of Things Cybersecurity Improvement Act of 2017 aims to bolster the security of government acquired IoT devices. This legislation could be a step towards reducing botnets, as called for by the Trump administration’s cybersecurity executive order.

Sens. Mark Warner (D-Va.), Cory Gardner (R-Colo.), Ron Wyden (D-Ore.) and Steve Daines (R-Mont.) are sponsors of the measure.

The bill, introduced on Aug. 1, would require connected devices purchased by government agencies to be patchable, and would ban devices that are shipped with hard-coded passwords.

In a statement, Warner, co-chair of the Senate Cybersecurity Caucus complained that "too many internet-connected devices are being sold without appropriate safeguards and protections in place." His bill would provide "thorough, yet flexible, guidelines for Federal Government procurements of connected devices," he said.

The bill would also require each executive level agency head to create an inventory of all connected devices used by the agency. The Office of Management and Budget and the secretary of the Department of Homeland Security would establish guidelines for the agencies based on DHS's Continuous Diagnostics and Mitigation program.

The legislation follows calls for tighter security and more standards for IoT devices to keep information safeguarded from potential attacks. The Government Accountability Office recently recommended the Department of Defense update its policies to address IoT risks that leave them vulnerable to hacks. In the statement, Gardner, the other chair of the Senate Cybersecurity Caucus, said the bill would “ensure the federal government leads by example and purchases devices that meet basic requirements to prevent hackers from penetrating our government systems.”

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at bberliner@fcw.com.

Click here for previous articles by Berliner.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.