Congresswoman Kelly to Introduce Cybersecurity Legislation for Government-Purchased Internet-Connected Devices
Washington, D.C. - This week, Congresswoman Robin Kelly, ranking member of the IT subcommittee, will introduce legislation to address cyber vulnerabilities created by the adoption of Internet-connected devices, commonly called ‘IoT’ or the ‘Internet of Things.’
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Congresswoman Robin Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
The legislation would require basic cybersecurity standards to be baked into government-purchased IoT devices.
Congresswoman Kelly originally released a discussion draft of the legislation in August 2017. Over the last sixteen months, she has received and incorporated extensive feedback from advocates, government agencies, lawmakers and other key stakeholders to craft the final legislation.
“For the last 16 months, I’ve actively sought feedback on my federal IoT cybersecurity discussion draft. My goal was to create the best possible legislation to harden government-purchased and used IoT devices,” added Congresswoman Kelly.
In many ways, Congresswoman Kelly’s legislation is similar to the Senate’s Internet of Things Cybersecurity Improvement Act, introduced by Senator Mark Warner (D-VA). The bills differ in their definition of IoT devices and the Kelly bill further empowers agency CIOs with additional waiver powers.
The legislation has already won the support of academics and industry leaders.
"This bill makes important progress on one of the most pressing cybersecurity threats of our time. It leverages federal purchasing power to create pro-security market pressure and, equally important, serves as a model for the implementation of similar standards elsewhere," said Jonathan Zittrain, Professor of Law and Professor of Computer Science, Harvard University. "The bill commits to engaging with academic and private-sector security experts to help craft specific agency guidelines. Casting a wide net during the advisory phase will both yield better policy and, if done fully, meaningfully enfranchise non-governmental partners."
“Unsecured IoT devices are an enormous – and growing – risk. But it does not have to be that way; IoT devices can be secured, and the federal government can set an example for the private sector,” Jeff Greene, VP, Global Government Affairs & Policy, Symantec. “We applaud Congresswoman Kelly for taking action to address this threat and to improve the Federal government’s IoT security. We look forward to working with her as this legislation moves forward.”