A bipartisan bill that sets specific cybersecurity standards for Internet of Things (IoT) devices used by all American government agencies has been passed in the US Senate. Called the IoT Cybersecurity Improvement Act 2020, it makes it mandatory for the director of National Institute of Standards and Technology (NIST) to evolve standards for government acquisition and use of such devices, and create a policy around disclosing security vulnerabilities in them. This Act would come into force latest within two years of enactment. The bill is currently waiting the American president’s signature to be enacted into law. This bill, if enacted, would apply to all establishments in the executive branch of the US government, except the Government Accountability Office (GAO), Federal Election Commission, governments of DC and of territories and possessions of the US, and government-owned contractor-operated facilities. The Bill borrows the definition of IoT devices from a May 2020 report from the National Institute of Standards and Technology (NIST) as per which, IoT devices “have at least one transducer (sensor or actuator) for interacting directly with the physical world, have at least one network interface [such as ethernet, Wi-Fi, Bluetooth, etc.], and are not conventional Information Technology devices, such as smartphones and laptops” and “can function on their own and are not only able to function when acting as a component of another devices, such as a processor”. The bill had been introduced by Democratic Representative Robin L. Kelly in November 2019 and was co-sponsored by multiple representatives across the political…
