The House Oversight and Reform Committee has passed HR-1668, a bipartisan bill to set standards for managing cybersecurity risks of government-owned interconnected devices on the Internet of Things.
“As technology changes and revolutionizes the delivery of services, the government is purchasing and using more and more Internet-connected devices,” sponsors said in a statement. Such devices, ranging from cars to refrigerators, represent a “backdoor for hackers and tools for cybercriminals . . . it’s alarming that we still lack basic security standards for these devices, particularly for government-owned connected technology.”
The measure would require the National Institute of Standards and Technology to develop security guidelines by next June 30 and would require OMB to issue policies for implementing them by the end of next year. Any Internet-connected devices purchased by the federal government would then have to comply with those standards.
The bill also would require similar guidelines from NIST and standards from OMB on reporting, coordinating, and publishing security vulnerabilities of IoT devices.
Similar legislation (S-734) is set to come to a vote soon in the counterpart Senate Homeland Security and Governmental Affairs Committee.