WASHINGTON – The Senate passed bipartisan legislation yesterday, introduced by U.S. Senators Maggie Hassan (D-NH), Mark Warner (D-VA), Cory Gardner (R-CO), and Steve Daines (R-MT), to require baseline security requirements for Internet of Things (IoT) devices purchased by the federal government. Their bipartisan legislation would leverage the purchasing power of the federal government to help move the wider market for IoT devices towards greater cybersecurity. The Internet of Things (IoT) Cybersecurity Improvement Act passed the U.S. House of Representatives in September and now heads to the President’s desk for signature.
“So many of our day-to-day devices are connected to the internet, which is why I am glad that that Senate passed our bipartisan bill to help better secure these devices,” Senator Hassan said. “Our bipartisan bill will require that the federal government only purchase devices that meet a minimum cybersecurity standard, which will go a long way to prevent hackers from stealing sensitive information that could undermine public safety, and also in pushing manufacturers to improve the safety of internet-connected devices in our homes.”
Specifically, the Internet of Things (IoT) Cybersecurity Improvement Act would:
As a member of the Homeland Security and Governmental Affairs Committee and the bipartisan Senate Cybersecurity Caucus, Senator Hassan is working across the aisle to bolster cybersecurity at all levels of government. Senator Hassan recently introduced bipartisan legislation to support the National Guard’s role in helping state and local governments improve their cybersecurity infrastructure. Last year, the Senate passed bipartisan legislation cosponsored by Senator Hassan to develop and retain highly-skilled cybersecurity professionals in the federal workforce. Senator Hassan has also worked with Senator Rob Portman (R-OH) to pass into law bills to strengthen cybersecurity, including the bipartisan Hack DHS Act, which would establish a bug bounty pilot program – modeled off of similar programs at the Department of Defense and major tech companies – that uses vetted “white-hat” or ethical hackers to help identify unique and undiscovered vulnerabilities in the DHS networks and information technology.