The IoT Cybersecurity Improvement Act Sets National Standards for Smart Devices

Despite the ongoing pandemic, election issues, and all around chaos that seems to plague society today, Congress has managed to complete the final touches on a new law that will regulate the Internet of Things (“IoT”).  Known as the IoT Cybersecurity Improvement Act, the law has received bipartisan support and approval from the industry.  

IoT Cybersecurity Improvement Act Sets Standards 

Under the advisement of technology experts such as Mozilla, BSA The Software Alliance, and Symantec, the law addresses many different aspects of the Internet of Things, which includes but is not limited to, security, development, identity management, updating and patches, and configuration management.  

Specifically, the law sets guidelines and requirements that will govern how IoT-related products should be handled.  While companies may still choose to opt-out and not comply with the IoT Cybersecurity Improvement Act, the companies that do abide by the new law will be able to claim and advertise that they are industry approved and meet IoT standards, which will help discerning consumers who may be concerned about the security of their IoT devices.  The passage of this new law is also timely as some state legislatures are already in the process of passing similar legislation that will govern IoT standards at a state level.

IoT Devices and Security

The IoT Cybersecurity Improvement Act comes at a critical time as the market for IoT devices is exploding, and IoT-enabled devices have become increasingly popular and commonplace.  With such growth, however, has also come security breaches and the development of bots that will prey on IoT-enabled devices that are not secure.  These “botnets” are known for creating a web or constellation-like network between unsecure devices that connect to each other using the Internet of Things, which has the potential for dangerous exploitation of vulnerability in IoT devices. 

While Congress and technology companies alike agree that they cannot ever promise that an IoT-enabled device is 100% secure, the IoT Cybersecurity Improvement Act will at least force some manufacturers to meet industry standards when it comes to consumer privacy and security.  In other words, it simply raises the bar for entry for product manufacturers that want to sell such devices.  

The European Union has also begun to develop similar laws regarding IoT security and have many initiatives in the works that are aimed at shoring up any vulnerabilities in IoT devices and privacy law.  Undoubtedly, they will look to the new IoT Cybersecurity Improvement Act for some guidance.  

Key Takeaways on the New Federal Standards for IoT Devices

Congress has passed the new IoT Cybersecurity Act, which aims to: 

• provide guidance and set standards for manufacturers;

• encourage manufacturers to strengthen the security of their IoT devices in order; and

• improve consumer confidence in IoT devices by allowing for manufacturers to tout that they are compliant with the IoT Cybersecurity Act.

For more insights on cybersecurity, see our IP Litigation and Industry Focused Legal Solutions pages.

You may also be interested in: