Bipartisan Senate Group Introduces IoT Security Bill for Government-Purchased Devices
Legislation requiring the government to buy IoT devices with certain minimum security standards was introduced today by a bipartisan group including Sens. Steve Daines, R-Mont., Cory Gardner, R-Colo., Mark Warner, D-Va., and Ron Wyden, D-Ore. In a Tuesday joint news…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
release, they said the Internet of Things Cybersecurity Improvement Act would mandate vendors ensure their devices are patchable, rely on industry standard protocols, don't include hard-coded passwords that can't be changed and don't have any known vulnerabilities. It would instruct the Office of Management and Budget "to develop alternative network-level security requirements for devices with limited data processing and software functionality" and direct the Department of Homeland Security to issue guidelines on vulnerability disclosure policies for contractors. The release said the bill has endorsements from the Atlantic Council, Cloudflare, Center for Democracy & Technology, Mozilla, Symantec, TechFreedom and others.