IoT Cybersecurity Bill Debuts in Congress

Dubbed the Internet of Things (IoT) Cybersecurity Improvement Act of 2019, there’s a new bill making its way through the halls of Congress.

Presented in the Senate on March 12 by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.), and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill), the bill aims to take on the increasing security threat posed by the deluge of IoT devices hitting the market.

“Internet-of-things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. This is groundbreaking work and IoT devices must be built with security in mind, not as an afterthought,” said Hurd, a former computer science major, cybersecurity entrepreneur and Chair of the House Subcommittee on Information Technology. “This bipartisan legislation will make internet-of-things devices more secure and help prevent future attacks on critical technology infrastructure.”

While few private-sector leaders welcome regulation, most in the tech industry readily recognize the huge threats IoT presents to consumers, organizations of all types, and government agencies. Without something in place to drive security as a top priority, not much would change.

Soracom’s Kenta Yasukawa

“Security concerns represent the single biggest obstacle to IoT development and public adoption. It remains one of the biggest challenges in IoT, not because it can’t be done right but because projects often prioritize things like reducing cost and accelerating speed to market,” said Kenta Yasukawa, co-founder and CTO of Soracom, an IoT cellular connectivity provider.

Standards in any industry provide the consistency and stability necessary to remove uncertainty for developers and manufacturers, as well as for buyers and users.

“The good news is, IoT is not inherently insecure. Clear standards remove uncertainty for developers, reassure consumers, and shift the internet of things toward the effective practices already in place in security-conscious industries like finance and transportation — and across cellular data networks,” said Yasukawa.

“Clear standards for device and network protection will help the entire industry focus on security, reassure consumers, and get it right.”

The Act will require that devices purchased by the U.S. government meet certain minimum security requirements by 2020. 

“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Rep. Kelly.