Lawmakers introduce bipartisan bill for 'internet of things' security standards


A bipartisan group of lawmakers on Monday unveiled legislation that would create cybersecurity standards for internet-connected devices, often known as the “internet of things.”

The bill, introduced in the Senate by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), would require established standards for government use of the devices.

Internet of things devices can open the door to a host of potential security issues. Hackers who are able to access one device can sometimes find a way to manipulate other connected items. They can also infiltrate networks or systems linked to the devices.


Government officials, lawmakers and security researchers have pointed to the vulnerabilities created by the interconnected nature of the devices — which can include products ranging from vehicles to home appliances like doorbells — as a major cybersecurity concern.

Gardner and Warner introduced a different version of the bill in the 115th Congress, but the measure did not advance.

Warner, who co-chairs the Senate Cybersecurity Caucus with Gardner and is vice chairman of the Senate Intelligence Committee, said in a statement that he’s concerned about internet of things devices “being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security.”

Gardner said that as the devices “continue to transform our society and add countless new entry points into our networks, we need to make sure they are secure, particularly when they are integrated into the federal government’s networks.”

Sens. Maggie Hassan (D-N.H.) and Steve Daines (R-Mont.) are also backing the legislation.

Under the bill, the National Institute of Standards and Technology (NIST) would create recommendations for the federal government’s use of internet of things devices, including establishing minimum security requirements to address the products' cyber vulnerabilities.

The NIST would also be required to issue a report on the increasing use and overlap of internet of things devices, including recommendations on how to address cybersecurity issues.

The legislation also would require the Office of Management and Budget (OMB) to create guidelines for the purchase and use of such devices. And the NIST and OMB would have to revisit the policies and recommendations every five years to ensure they are in line with best practices.

“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure,” Kelly, who introduced the House version of the bill with Hurd, said in a statement. “Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices.”

Hurd described the bill as “groundbreaking work” and called for internet of things devices to “be built with security in mind, not as an afterthought.”

Several prominent security firms and groups are backing the legislation, including Symantec, Cloudflare and researchers at universities like Harvard and Stanford.