Press Releases
WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA), former technology entrepreneur and Vice Chairman of the Senate Select Committee on Intelligence, applauded the house passage of the Internet of Things (IoT) Cybersecurity Improvement Act – legislation to require minimum security requirements for Internet of Things (IoT) devices purchased by the U.S. government. Sen. Warner authored and introduced this legislation in the Senate back in August 2017. He reintroduced the bill in the 116th Congress with a House companion led by U.S. Reps. Robin Kelly and Will Hurd. That legislation passed through the Senate Homeland Security and Governmental Affairs Committee in June 2019 and now awaits consideration in the Senate.
“The House passage of this legislation is a major accomplishment in combatting the threats that insecure IoT devices pose to our individual and national security. Frankly, manufacturers today just don’t have the appropriate market incentives to properly secure the devices they make and sell – that’s why this legislation is so important,” said U.S. Sen. Mark R. Warner. “I commend Congresswoman Kelly and Congressman Hurd for their efforts to push this legislation forward over the past two years. I look forward to continuing to work to get this bipartisan, bicameral bill across the finish line in the Senate.”
Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act introduced by Sen. Warner would:
- Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
- Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, and charge OMB with reviewing these policies at least every five years.
- Require any Internet-connected devices purchased by the federal government to comply with those recommendations.
- Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidance on coordinated vulnerability disclosure to ensure that vulnerabilities related to agency devices are addressed.
- Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.
Sen. Warner, the Vice Chairman of the Senate Select Committee on Intelligence and former technology executive, is the co-founder and co-chair of the bipartisan Senate Cybersecurity Caucus and a leader in Congress on security issues related to the Internet of Things.
###