November 18, 2020

Senate Passes Bipartisan Legislation Cosponsored by Senator Hassan to Secure Internet-Connected Devices

WASHINGTON – The Senate passed bipartisan legislation yesterday, introduced by U.S. Senators Maggie Hassan (D-NH), Mark Warner (D-VA), Cory Gardner (R-CO), and Steve Daines (R-MT), to require baseline security requirements for Internet of Things (IoT) devices purchased by the federal government. Their bipartisan legislation would leverage the purchasing power of the federal government to help move the wider market for IoT devices towards greater cybersecurity. The Internet of Things (IoT) Cybersecurity Improvement Act passed the U.S. House of Representatives in September and now heads to the President’s desk for signature.

 

“So many of our day-to-day devices are connected to the internet, which is why I am glad that that Senate passed our bipartisan bill to help better secure these devices,” Senator Hassan said. “Our bipartisan bill will require that the federal government only purchase devices that meet a minimum cybersecurity standard, which will go a long way to prevent hackers from stealing sensitive information that could undermine public safety, and also in pushing manufacturers to improve the safety of internet-connected devices in our homes.”  

 

Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act would:

 

  • Require the National Institute of Standards and Technology (NIST) to issue recommendations addressing, at a minimum, secure development, identity management, patching, and configuration management for IoT devices.
  • Direct the Office of Management and Budget (OMB) to issue guidelines for each agency that are consistent with the NIST recommendations, including making any necessary revisions to the Federal Acquisition Regulation to implement new security standards and guidelines.
  • Require any IoT devices  purchased by the federal government to comply with those recommendations.
  • Direct NIST to work with cybersecurity researchers, industry experts, and the Department of Homeland Security (DHS) to publish guidelines on vulnerability disclosure and remediation for federal information systems. 
  • Require contractors and vendors providing information systems to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that can be effectively shared with a vendor for remediation.

As a member of the Homeland Security and Governmental Affairs Committee and the bipartisan Senate Cybersecurity Caucus, Senator Hassan is working across the aisle to bolster cybersecurity at all levels of government. Senator Hassan recently introduced bipartisan legislation to support the National Guard’s role in helping state and local governments improve their cybersecurity infrastructure. Last year, the Senate passed bipartisan legislation cosponsored by Senator Hassan to develop and retain highly-skilled cybersecurity professionals in the federal workforce. Senator Hassan has also worked with Senator Rob Portman (R-OH) to pass into law bills to strengthen cybersecurity, including the bipartisan Hack DHS Act, which would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – that uses vetted “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology.

 

###