The House oversight committee has pushed through legislation to beef up the security of internet of things devices and help thwart future attacks on key federal IT systems.
The Committee on Oversight and Reform on June 12 advanced the Internet of Things (IoT) Cybersecurity Improvement Act, which was introduced in the House in March by Reps. Will Hurd, R-Texas, and Rep. Robin Kelly, D-Ill, and then in the Senate by Sens. Mark R. Warner, D-Va. and Cory Gardner, R-Colo.
The bill requires devices purchased by the federal government meet certain minimum security requirements to secure Americans’ personal data and government networks. It also directs the National Institute of Standards and Technology to work with cybersecurity researchers and industry experts to publish guidelines on coordinated vulnerability disclosure.
NIST would also be mandated to publish a report and issue guidelines addressing secure development, identity management, patching and configuration management for IoT devices. The Office of Management and Budget would be required to promulgate standards for coordinated vulnerability disclosure related to agency devices based on NIST guidelines and require businesses that provider of IoT devices to the U.S. government to adhere to these standards.