While the issue of Internet of Things (IoT) device security has been raised before, this would mark the third attempt that congress would have made to pass a bill of its kind. For many, lax device-security standards have represented a major pain-point that has yet to be properly addressed.
The Internet of Things (IoT) Cybersecurity Improvement Act of 2019, was introduced to the Senate on March 11, 2019. The primary goal of the proposed legislation is to begin a shift that would see IoT device producers putting a higher emphasis on device security. Especially when government purchased and utilized devices are concerned.
This bill is the result of a bi-partisan effort that was spear-headed by Senators:
- Mark Warner (D-VA)
- Cory Gardner (R-CO)
- Maggie Hassan (D-NH)
- Steve Daines (R-MT)
As well as Representatives Robin Kelly (D-IL) and Will Hurd (R-TX).
The bill comes on the heels of the recent rash of cybersecurity issues that have been cropping up around high-tech industries over recent years. Unsurprisingly, the health care sector has been foremost among those impacted by the increasing number of cyberattacks. This legislation would essentially enforce a new set of standards regarding the manufacturing of IoT devices and would require a set list of “rules” be followed.
Currently, the primary issue faced by IoT devices is that very few are being manufactured and sold with security in mind. The results of this “bottom-line” manufacturing approach is that IoT devices are being targeted more and more frequently as stepping-stones to access bigger systems. One of the most infamous examples of which is the distributed denial-of-service (DDOS) attack that saw a host of websites brought offline using IoT devices as the infection vector. These devices are also especially vulnerable because of ineffectively secured, cloud-based services that are used with increasing frequency by organizations to operate more efficiently and gain valuable perspective on their customer bases.
The National Institute of Standards and Technology (NIST) provides recommendations on the development, configuration, and patching of IoT devices as well as work with industry-leading experts to distribute instruction on how to properly resolve device issues in the future.
Senator Mark Warner has been at the forefront of the debate surrounding IoT security pain points. Most recently, he sent a letter to the American Medical Association, the Healthcare Information and Management Systems Society (HIMSS), and many others in an attempt to garner support of the federal government’s bid to combat cybersecurity difficulties in the health care industry.
While the most significant impact of this legislation would be felt by government employees with IoT devices, the health care industry in particular would find itself reaping the benefits and adherence requirements as well. Try HIPAAgps Risk-Free for 7-days, stay updated on developing health news, and start using our HIPAA compliance resources.