A bipartisan group of US senators has introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, which seeks to impose baseline cybersecurity standards for IoT devices sold to the US government. The bill, defines “Internet-Connected Device” to mean “a physical object that—(A) is capable of connecting to and is in regular connection with the Internet; and (B) has computer processing capabilities that can collect, send, or receive data.” The reach of the bill’s legislation would be quite broad notwithstanding its limitation to devices placed with government agencies. The bill implements the baseline security requirements by requiring the Director of the Office of Management and Budget to coordinate with certain government agencies to prepare and issue guidelines regarding the security of IoT devices placed with federal agencies.
To read more about the bill and its implications, please read the article written by our colleagues Amanda Fitzsimmons and Vinny Sanchez.