The House Oversight and Reform Committee on Wednesday approved bipartisan legislation aimed at improving the security of Internet of Things (IoT) devices by requiring the federal government to only purchase devices that meet minimum security standards.
The bill now goes to the House floor. The legislation has also been introduced in the Senate.
Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.) introduced the bill in the House. They said IoT devices can be “a weak point in a network’s security, leaving the rest of the network vulnerable to attack.”
“The IoT Cybersecurity Improvement Act will address both this market failure and the supply chain risk to the federal government stemming from insecure IoT devices by establishing light-touch, minimum security requirements for procurements of connected devices by the government,” a release from Hurd and Kelly said.
Among the bill’s provisions are a requirement for the National Institute of Standards and Technology (NIST) to issue guidelines addressing secure development, identity management, patching and configuration management for IoT devices, and for the White House Office of Management and Budget to issue standards to agencies consistent with the NIST guidelines.
“As technology changes and revolutionizes the delivery of services, the government is purchasing and using more and more Internet-connected devices,” Kelly said in a statement. “We have an obligation to prevent these devices from becoming a backdoor for hackers and tools for cybercriminals.”