By Dave McKay | January 2, 2021
IoT Cyber Security Bill Enacted
The Internet of Things Cybersecurity Improvement Act was officially signed into U.S. law in dec. 2020. It requires any Internet of Thing (IoT) device purchased with government funds to meet minimum security standards. The massive growth of the IoT market has seen slip-shod research and development coupled with a lack of understanding of cyber security by design by some manufacturers, mean the market is swimming in insecure and easily exploited, vulnerable devices.
Unanimous Approval
The type of IoT devices in use by Federal government agencies are weather sensors by the Environmental Protection Agency and autonomous surveillance towers by the Customs and Border Protection.
Companies like Symantec, Mozilla, and the National Security Agency (NSA) were consulted when the unanimously-supported bill was drafted, and topics such as secure development, identity management, patching, and configuration management were considered.
The bill specifically focuses on improving the security of federal devices with standards provided by the National Institute of Standards and Technology (NIST). It will cover devices from the initial development stages right through to the final product, ensuring that devices are developed using security-led processes.
A Welcome Step in the Right Direction
Although the bill is a step in the right direction, commentators say that it only begins to scratch the surface of what needs to be done. To that end, it is likely that the bill will serve as a catalyst for future legislative efforts.
Although the Internet of Things Cybersecurity Improvement Act of 2020 is a U.S. legislation only, and only covers Federal government agencies, if the manufacturers raise their game to comply with this legislation, we’ll all benefit.
The U.K. is in the process of developing its own similar legislation, with the consultation phase concluded in 2020.
Source: All About Circuits