New Federal IoT Security Bill Has Narrower Scope, but Big Impact

Fenwick privacy & cybersecurity co-chair Jim Koenig talked to Legaltech News about the implications of proposed federal legislation that would impose cybersecurity standards on internet of things devices purchased by the federal government.

Koenig commented on how this measure compares with similar legislation introduced in 2017, noting that “prior government bills on internet of things were about fostering the growth of IoT. This bill is important and interesting because it seeks to have the standards reviewed for IoT cybersecurity vulnerabilities for [the] government and the devices used and integrated.”

Koenig also pointed out the potentially limited scope of the bill: “As the bill goes a long way in helping to develop an approach for common industry and technical standards for IoT in government internet accessible devices, it largely covers IoT devices that can access or manage or process information. There is a possibility that the scope of the bill in the definition of covered devices doesn’t cover general-purpose computing devices [and] programmable logic controls, and that is critically important as logic controllers are the things that manage and govern autonomous machinery and robots.”

He told Legaltech News, “This bill is potentially easier to digest and since NIST is viewed as impartial—for government standards, not commercially—it has a better chance at passing.”

The full article is available through Legaltech News (subscription required).​​