September 24, 2020

Volume X, Number 268

September 23, 2020

Subscribe to Latest Legal News and Analysis

September 22, 2020

Subscribe to Latest Legal News and Analysis

September 21, 2020

Subscribe to Latest Legal News and Analysis

Congress Acts to Protect USA from Killer Appliances: New Bill Aims to Shore Up Country’s Defenses against IoT Attacks—but Will it Be Enough?

Aww the internet of things. A strange and ephemeral virtual network where our refrigerators and stoves harmonize and communicate with our air conditioners and toaster ovens assuring a single “smart” home or office environment.

One day, perhaps, the IoT will assure life on Earth nears Nirvana-like perfection for all of its living inhabitants. We’ll never enter a room without it have been pre-cooled to our desired temperature and our ovens will never need to be preheated because their predictive algorithms will know we intend to bake cookies before it ever dawns on us to do so.

For now, however, the IoT is a clunky and inelegant thing patched together from innumerable overlays and sketchy network protocols. And it is ever so subject to hacking and infiltration. Leaving us susceptible, it would seem, to rouge coffee makers filling our bedrooms with espresso aromas at all hours of the night and ice machines that just won’t stop spewing the cold stuff, even when the bin is full.


Whether the threat of “killer appliances” is real or imagined or just made up by me, right now, in this blog post, I leave for you to decide. But Congress isn’t taking any chances.

In a new bill that went flying through yesterday, the House of Representatives passed a bill designed to better secure all of the appliances used by Government agencies from cyber-attacks. The bill is called IoT Cybersecurity Improvement Act of 2020 and it is found here.  And lest anyone think this bill is more useful than that, it is specifically written to not include “conventional Information Technology devices, such as smartphones and laptops.”

No folks. This bill is designed exclusively and intentionally to protect the nation’s coffee makers and refrigerators. In the event of war, we simply cannot risk members of our valuable federal government being without these critical appliances.

To assure that the nation’s “infrastructure” is safe, the bill requires the National Institute of Standards and Technology to promulgate “standards and guidelines” for the Federal Government on the “appropriate use and management by agencies of Internet of Things devices” including “minimum information security requirements for managing cybersecurity risks associated with such devices.”

Allow me to translate: the House just passed a bill requiring rules to be developed for federal agency employees to abide by when handling their smart appliances.


As a few examples of what these rules should include: i) examples of possible security vulnerabilities of Internet of Things devices (I’m looking forward to that list); ii) considerations for managing the security vulnerabilities of Internet of Things devices (considerations?); and iii) identification management for IoT devices. (Identification management. For appliances.)

Well, while reasonable minds can disagree on the need for national standards to protect our national crockpots from foreign interference, it is nice to see that the House can come together to pass an important piece of legislation even in this era of crazed partisanship.

We’ll see if the Senate chooses to do the same.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 260


About this Author

Eric Troutman Class Action Attorney
Of Counsel

Eric Troutman is one of the country’s prominent class action defense lawyers and is nationally recognized in Telephone Consumer Protection Act (TCPA) litigation and compliance. He has served as lead defense counsel in more than 70 national TCPA class actions and has litigated nearly a thousand individual TCPA cases in his role as national strategic litigation counsel for major banks and finance companies. He also helps industry participants build TCPA-compliant processes, policies, and systems.

Eric has built a national litigation practice based upon deep experience, rigorous...