In December of 2020, President Trump signed into law a bipartisan bill that mandates security standards for federal purchases of internet-connected devices. This law, the IoT Cybersecurity Improvement Act (the Act), yields new national rules governing the growing market for the industrial internet of things (IoT) technology. The Act requires the National Institute of Standards and Technology to develop minimum cybersecurity standards for any internet-connected device sold by vendors to the U.S. government. These IoT vendors are also required to create vulnerability disclosure policies that allow federal officials to learn of security flaws as soon as they are uncovered.

As a bill, the Act sailed through the House and Senate with overwhelming support. No senator objected to its approval or sought a roll call vote back in November of 2020. As a law, the Act will protect national security and personal information of American families by ensuring that the U.S. government purchases secure technological devices and closes existing vulnerabilities. Internet-connected federal devices can include a variety of systems such as elevators, fire suppression, heating and cooling, lighting, audio and video equipment, and eventually autonomous vehicles.

Before the Act, the U.S. government was purchasing IoT devices without a standard for security to prevent them from being used in attacks or to gain unauthorized access points to U.S. government networks. Now, our federal infrastructure is more secure from threats, both foreign and domestic. The Act, which has generated support from industry heavyweights such as The Software Alliance, provides the first federal standards for a fast-growing world of technology that has reached an estimated 20.4 billion device units. Moreover, IoT device manufacturers welcome clear national standards that will likely expand beyond federal contracting to govern areas concerning how these devices are made for the public as well.

How Brouse Can Help

The IoT Cybersecurity Improvement Act is only the first step toward bolstering security of IoT devices, and several states have even begun enacting local legislation to provideregulations in this growing industry as well.