Congress has passed the IoT Cybersecurity Improvement Act. If signed by President Donald Trump and put into law, it would consolidate of security requirements for Internet of Things (IoT) devices, allowing for consistent secure development, identity management, patching and configuration management.
Consumer electronics companies will be able to choose to not to comply with these requirements, making it legal to offer unsafe, cheaper products on the market. However, those who pay for a higher level of security will have to meet and refer to basic industry standards that are usable by other manufacturers. These standards would be established by the National Institute of Standards and Development (NIST).
California and Oregon have already developed similar legislation, adding pressure for a federal law. Additionally, the European Union is investing in IoT research, development and deployment.
The bill was created with the advice of Symantec, Mozilla and the Software Alliance, and passed in the Senate unanimously on Nov. 17. The bill reached President Trump’s desk on Nov. 24; He can sign it, or it becomes law after 10 days unless he decides to veto.