Cybersecurity Alert: IoT Security Bill is Signed Into Law

In December of 2020, President Trump signed into law a bipartisan bill that mandates security standards for federal purchases of internet-connected devices. This law, the IoT Cybersecurity Improvement Act (the Act), yields new national rules governing the growing market for the industrial internet of things (IoT) technology. The Act requires the National Institute of Standards and Technology to develop minimum cybersecurity standards for any internet-connected device sold by vendors to the U.S. government. These IoT vendors are also required to create vulnerability disclosure policies that allow federal officials to learn of security flaws as soon as they are uncovered.

As a bill, the Act sailed through the House and Senate with overwhelming support. No senator objected to its approval or sought a roll call vote back in November of 2020. As a law, the Act will protect national security and personal information of American families by ensuring that the U.S. government purchases secure technological devices and closes existing vulnerabilities. Internet-connected federal devices can include a variety of systems such as elevators, fire suppression, heating and cooling, lighting, audio and video equipment, and eventually autonomous vehicles.

Before the Act, the U.S. government was purchasing IoT devices without a standard for security to prevent them from being used in attacks or to gain unauthorized access points to U.S. government networks. Now, our federal infrastructure is more secure from threats, both foreign and domestic. The Act, which has generated support from industry heavyweights such as The Software Alliance, provides the first federal standards for a fast-growing world of technology that has reached an estimated 20.4 billion device units. Moreover, IoT device manufacturers welcome clear national standards that will likely expand beyond federal contracting to govern areas concerning how these devices are made for the public as well.

How Brouse Can Help

The IoT Cybersecurity Improvement Act is only the first step toward bolstering security of IoT devices, and several states have even begun enacting local legislation to provideregulations in this growing industry as well. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to navigate IoT regulations and other data security and privacy laws. Along with providing insight to your business regarding privacy law compliance, we also provide proactive solutions for companies to defend against cyber-attacks and general guidance through the complexities of all data privacy laws and regulations. Our team offers a variety of services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.