U.S. legislators introduce bipartisan IoT security standards bill
Lawmakers have introduced legislation in a bipartisan effort to establish national standards in the U.S. for the cybersecurity of internet-of-things (IoT) devices used by the government, The Hill reports.
The bill is being sponsored in the Senate by Senators Mark Warner (D-Va.) and Cory Gardner (R-Colo.), and in the House by Representatives Will Hurd (R-Texas) and Robin Kelly (D-Ill.). A different version of the bill was introduced by Gardner and Warner in the previous sitting of Congress, but did not advance. The two Senators also co-chair the Senate Cybersecurity Caucus, and Warner is vice chairman of the Senate Intelligence Committee.
Other Senators from both parties have also expressed support for the bill, according to The Hill. The bill directs NIST to make recommendations to the government, and establish minimum requirements to address vulnerabilities. NIST would also issue a report on increasing IoT device use and overlap, and the Office of Management and Budget (OMB) would create guidelines for device purchase and use. The policies and recommendations would also be revisited by NIST and OMB every five years.
NIST issued a report on IoT security last year, which discussed the use of biometrics among a range of security access control technologies. The Department of Homeland Services Science and Technology Directorate has contracted Plurilock to develop an identity management platform with behavioral biometrics for IoT devices.
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure,” Kelly said in a statement. “Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices.”
The Hill reports that cybersecurity firms Symantec and Cloudflare are among the bill’s supporters, as are researchers from Harvard and Stanford.