A bipartisan, bicameral bill introduced in Congress this week would require vendors selling Internet of Things, or IoT, connected devices to the federal government to meet minimum security standards defined by government scientists.
The bill, introduced in the Senate by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), requires the National Institute of Standards and Technology, or NIST, to set the standards.
Working with NIST, the Office of Management and Budget would write guidelines for the purchase and use of IoT devices into the Federal Acquisition Regulations and review them every five years to ensure they were still in line with best practices.
IoT devices like webcams, thermostats and TVs are often not updated or patched — and some are sold with known vulnerabilities. The bill hopes to use the federal government’s power as a large-scale consumer to raise security standards in the IoT ecosystem as a whole.