House Cybersecurity Leaders Introduce “Internet-of-Things” Legislation
Yesterday, a bipartisan and bicameral coalition introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2019 (H.R. 1168). The legislation would establish baseline security requirements for IoT devices purchased by the federal government.
In the House, this effort is being spearheaded by Congresswoman Robin Kelly (IL-02) and Congressman Will Hurd (TX-23), the former chairman and ranking member of the IT subcommittee during the 115th Congress.
“As the government continues to purchase and use more and more internet-connected devices, we must ensure that these devices are secure. Everything from our national security to the personal information of American citizens could be vulnerable because of security holes in these devices,” said Congresswoman Robin Kelly. “It’s estimated that by 2020 there will be 30 million internet-connected devices in use. As these devices positively revolutionize communication, we cannot allow them to become a backdoor to hackers or tools for cyberattacks.”
“Internet of Things devices will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. This is groundbreaking work and IoT devices must be built with security in mind, not as an afterthought,” said Rep. Hurd, former computer science major, cybersecurity entrepreneur and Chair of the House Subcommittee on Information Technology. “This bipartisan legislation will make Internet of Things devices more secure and help prevent future attacks on critical technology infrastructure.”
This effort has won the support of other cybersecurity advocates in the U.S. House.
“IoT devices represent an exciting technology for the American and global consumer. Yet despite the benefits of IoT, we have to also realize the major security risks associated with it. Our own national security agencies have said as much and they recognize IoT as an important cyber and national security threat that needs to be addressed urgently. That’s what my bill, the IoT Cybersecurity Improvement Act, attempts to do by providing light-touch guidance and security requirements for IoT devices to protect the industry and ultimately the consumer. I am particularly grateful to my friends Representative Will Hurd (R-TX) and Representative Robin Kelly (D-IL) for their leadership on this bill and on this bipartisan issue. They are forward thinking on this and I’m grateful for their work in this space,” said Congressman Ted Budd (NC-13).
“I am excited to see more devices become interconnected and our government take advantage of the “Internet of Things”, said Rep. Ro Khanna (CA-17). “As more devices become connected, it is important we make sure any security vulnerabilities are addressed and that we prioritize cybersecurity.”
“The Internet of Things vastly expands the technological capabilities of our federal government, but we must remain vigilant of the security risks that come with it. Our bipartisan legislation will help ensure that government-purchased IoT devices are properly equipped to address the cybersecurity risks associated with this type of technology, so we can stop bad actors don’t from leveraging it to conduct cyber-attacks on our expanded critical infrastructure,” said Congressman John Ratcliffe (TX-04).
“I’ve been a huge proponent of modernizing our government, which includes utilizing the internet of things technology. But, we have to ensure that internet-enabled devices are safe and secure, especially as we expand their use in the government,” said Congressman Ted Lieu (CA-33). “Strong cybersecurity standards will help us embrace new and exciting technologies in a safe, smart way.”
“As Ranking Member of the Research and Technology Subcommittee, which has jurisdiction over the National Institute of Standards and Technology, I look forward to ensuring that the U.S. is setting the standard for cyber security in the Internet of Things,” said Representative James Baird (IN-04).
“IoT devices provide a lot of promise for the federal government but agencies must put security first when acquiring this technology,” said Rep. Gerry Connolly (VA-11). “The Internet of Things Cybersecurity Improvement Act will help agencies address security challenges when seeking to purchase internet connected devices.”
“Every IoT manufacturer has a sales pitch about how seamless and interconnected tech of the future will be – and that’s exciting. But we have to ensure the connected world our children and grandchildren will live in is also safe,” said Congressman Dutch Ruppersberger (MD-02). “I commend my colleagues for their hard work on this critical issue and am proud to support this effort.”
The Senate effort is being led by Senators Mark Warner (D-VA), Cory Gardner (R-CO), Maggie Hassan (D-NH) and Steve Daines (R-MT). The original co-sponsors in the House are Representatives Kelly (D-IL02), Hurd (R-TX23), Budd (R-NC13), Lieu (D-CA33), Marshall (R-KS01), Ruppersberger (D-MD02), Ratcliffe (R-TX04), Khanna (D-CA14), Meadows (R-NC11), Soto (D-FL09), Walker (R-NC06), Connolly (D-VA11), Baird (R-IN04) and Foster (D-IL11).
This legislation has already won the support of cybersecurity experts, privacy advocates and industry professionals.
“We applaud Senators Warner and Gardner and Representatives Kelly and Hurd for introducing the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The wireless industry is committed to ensuring the security of IoT devices and we look forward to working with the sponsors of the legislation on policies that will help protect consumers," added Kelly Cole, CTIA's senior vice president, government affairs.
"Billions of devices connect our world and in the coming years we will see billions more. Each device adds to an expanding and elastic attack surface that creates a massive gap in the ability to truly understand cyber risk at any given time. The Internet of Things (IoT) Cybersecurity Improvement Act, introduced by Representatives Robyn Kelly (D-IL) and Will Hurd (R-TX), tasks NIST with developing security guidelines to address critical vulnerabilities in the development of IoT devices that the federal government purchases. This legislation will help the government better manage its cyber risks, and provide a strong example for other organizations. We also strongly support the call for NIST to develop a report that addresses Cyber Exposure considerations related to the increasing convergence of IT, IoT, and OT devices, networks and systems, as the modern enterprise must manage risk across all these environments," said James Hayes, Vice President, Global Government Affairs, Tenable.
"Verizon applauds the introduction of the IoT Cybersecurity Improvement Act and thanks Senators Mark Warner (D-VA) and Cory Gardner (R-CO) and Representatives Robin Kelly (D-IL) and Will Hurd (R-TX) for their work on this important topic. As a leading network provider with a global footprint, cybersecurity is a cornerstone of Verizon's IoT mission. As America enters the 4th Industrial Revolution, where every device that can be connected, will be connected, cybersecurity is more important than ever. We need thoughtful leadership from industry and policymakers in tackling this important but complex issue. Verizon has and will continue to invest heavily to protect and secure our network and the IoT devices on it. We thank Sens. Warner and Gardner and Reps. Kelly and Hurd for their leadership on this issue, and we look forward to doing our part to make the promise of IoT technology a reality," added Verzion.
A full listing can be found here.