October 24, 2020

Volume X, Number 298

Advertisement

October 23, 2020

Subscribe to Latest Legal News and Analysis

October 22, 2020

Subscribe to Latest Legal News and Analysis

October 21, 2020

Subscribe to Latest Legal News and Analysis

House Passes Internet of Things Cybersecurity Improvement Act

The House of Representatives recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (the Act).  The Act has been moved to the Senate for consideration. The legislation sets minimum security standards for all IoT devices purchased by government agencies.

IoT refers to the myriad of physical devices that are connected to the internet, collecting and sharing data.  They are used by both consumers and corporations.

Common examples include products used by consumers such as fitness trackers and home thermostats, to devices used by business and government that measure air quality and the operation of military components.

Despite the tasks that can be accomplished by IoT devices, they remain vulnerable to cyberattack.  Currently, there is no national standard addressing cybersecurity for IoT devices.  There have been several attempts in recent years to develop of a national IoT strategy. For example, in late 2017, a coalition of tech industry leaders released a report that put out a call for creation and implementation of a national strategy to invest, innovate and accelerate development and deployment of IoT, and stressed the need to enact legislation which would, inter alia, require IoT security measures in a “comprehensive manner.” Further, as far back as 2015, the FTC issued “concrete steps” businesses can take to enhance the privacy and security of IoT for consumers.

According to a statement issued by Rep. Robin Kelly (D-IL), sponsor of the Act in the House, “Securing the Internet of Things is a key vulnerability Congress must address. While IoT devices improve and enhance nearly every aspect of our society, economy and everyday lives, these devices must be secure in order to protect Americans’ personal data.”  Senator Mark Warner (D-VA), who introduced the Senate version of the legislation back in 2017 stated that, “manufacturers today just don’t have the appropriate market incentives to properly secure the devices they make and sell – that’s why this legislation is so important.”  Rep. Kelly’s statement noted that many IoT devices are shipped with factory-set passwords that are frequently unable to be updated or patched. IoT devices also can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack.

The Act requires the National Institute of Standards and Technology (NIST) to publish standards and guidelines on federal government agencies’ use of IoT devices.  The Act states that the Office of Management and Budget is to review government policies to ensure they are in line with NIST guidelines. Federal agencies would be prohibited from procuring IoT devices or renewing contracts for such devices if it is determined that they do not comply with the security requirements.

New technologies and devices continuously emerge, promising a myriad of societal, lifestyle and workforce advancements and benefits including increased productivity, talent recruiting and management enhancements, enhanced monitoring and tracking of human and other assets, and improved wellness tools. While these advancements are undoubtedly valuable, the privacy and security risks should be considered and addressed prior to implementation or use, even without national IoT security legislation in place.

Jackson Lewis P.C. © 2020National Law Review, Volume X, Number 275
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Jeffrey M. Schlossberg, Employment Attorney, Jackson Lewis, Law firm
Principal

Jeffrey M. Schlossberg is a Principal in the Long Island, New York, Office of Jackson Lewis P.C. Mr. Schlossberg has devoted his entire career to the employment law field.

Mr. Schlossberg has extensive experience in handling all aspects of the employer-employee relationship. Areas of concentration include: employment discrimination prevention and litigation; workplace harassment policy development and compliance; social media and information privacy in the workplace; family and medical leave; disability matters; wage and...

631-247-4614
Advertisement
Advertisement