This past Monday, March 11th, 2019, along with a host of bipartisan supporters and co-sponsors, Senator Mark Warner (D-VA) officially introduced a new piece of legislation he calls the “Internet of Things (IoT) Cybersecurity Improvement Act of 2019.” The bill comes as a result of years of work, following an investigation of IoT vulnerabilities and flaws originally undertaken by Senator Warner in 2017 – directly on the heels of the US Senate Intelligence Committee’s investigation into Russian interference in the 2016 US Presidential Elections, a committee and investigation led by none other than Senator Warner himself.
As written, if passed, the bill would:
- Require the National Institute of Standards and Technology (NIST) to craft recommendations that address secure development, identity management, patching and configuration management for IoT devices.
- Require the Office of Management and Budget (OMB) to come up with agency guidelines based on the NIST guidance.
- Require the OMB to review agency policies every three years.
- Require NIST to work with security researchers and industry professionals to coordinate vulnerability disclosures, while requiring contractors and vendors to maintain coordinated vulnerability disclosure policies to ensure information on a vulnerability is disseminated to government agencies with priority.
- Restrict government agencies to purchasing or using only those devices found to be in compliance with the new NIST recommendations set into precedent with the legislation.
In a message attached to the release of his legislation, Senator Warner stated “While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security. This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices” – to better secure the US Government and Internet of Things collectively as we move into the future.
2017 Version Leading to This Week's New Bill: IoT_Cybersecurity_Improvement_Act_2017