Kelly's IoT Cybersecurity Improvement Passes U.S. House
oday, Reps. Robin Kelly's (D-Ill.) and Will Hurd's (R-Texas) cybersecurity legislation, the Internet of Things (IoT) Cybersecurity Improvement Act of 2020, passed the House of Representatives. The IoT Cybersecurity Improvement Act would require all IoT devices purchased by the U.S. government meet certain minimum security requirements.
"Today, the House took a major and overdue step toward improving US Cybersecurity. The bipartisan Internet of Things Cybersecurity Improvement Act will ensure the US government purchases secure devices and existing vulnerabilities are closed," said Kelly. "I want to thank my colleagues - Rep. Will Hurd and Sens. Mark Warner and Cory Gardner - for working with me on this bill as well as experts and partners inside and outside of government. As we face new challenges in the digital age, we must work together to solve them."
"Securing the Internet of Things is a key vulnerability Congress must address. While IoT devices improve and enhance nearly every aspect of our society, economy and everyday lives, these devices must be secure in order to protect Americans' personal data. The IoT Cybersecurity Improvement Act would ensure that taxpayers dollars are only being used to purchase IoT devices that meet basic, minimum security requirements. This would ensure that we adequately mitigate vulnerabilities these devices might create on federal networks.
"The Internet of Things grows every single day, and, by the end of next year, it will include more than 20 billion devices. The result is an astounding, unimaginable amount of data--90% of the data in the entire world was created in the last two years. America needs to keep up with this incredible trend, and that means ensuring proper security and protections--the IoT Cybersecurity Improvement Act is a step in that direction," said Hurd.
The Internet of Things is the term used to describe the growing network of Internet-connected devices and sensors. Many IoT devices are often shipped with factory-set, hardcoded passwords and oftentimes unable to be updated or patched. IoT devices also can represent a weak point in a network's security, leaving the rest of the network vulnerable to attack. Bad actors have used IoT devices to launch devastating Distributed Denial of Service (DDoS) attacks against websites, web-hosting servers, and internet infrastructure providers. The Director of the Defense Intelligence Agency has called IoT devices one of "the most important emerging cyberthreats to our national security."
The IoT Cybersecurity Improvement Act would address the supply chain risk to the federal government stemming from insecure IoT devices by establishing light-touch, minimum security requirements for procurement of connected devices by the government.