Mitigating the Risky Business of IoT

This article originally appeared on Han Santos, July 1, 2021 by Donna McPartland & Shamim Mohandessi

Q&A with Donna McPartland & Shamim Mohandessi of Han Santos, PLLC, with Larry O’Connell, of Sequitur Labs, Inc.

Introduction:

Regulation of the Internet of Things (IoT) is growing at the federal and state level and pushing organizations to include robust security features in their devices.

The U.S. Internet of Things Cybersecurity Improvement Act of 2020 (the “Act”) was enacted in December 2020 by Congress, and although it applies only to federal agencies, it is expected to have a significant impact on the development and manufacturing of IoT devices. This Act requires that federal agencies only procure IoT devices that comply with the National Institute of Standards and Technology’s (NIST) guidelines for IoT device security.

NIST has published a draft of publication 800-213, titled “IoT Device Cybersecurity Guidance for the Federal Government,” which is expected to be finalized this year. This draft guidance recommends that federal agencies have “minimal securability” for IoT devices prior to purchase. NIST defines a “minimally securable IoT device” as a device that has “the device cybersecurity capabilities customers may need to mitigate some common cybersecurity risks…”

Given the significant buying power of the federal government, private companies are likely to follow the NIST guidance when it is finalized. Additionally, some states, including California and Oregon, regulate the use and deployment of IoT. Laws in both states require manufacturers of IoT devices to equip devices with “reasonable security features.” However, neither state defines “reasonable security features.” Instead, the NIST guidance, when finalized, is expected to provide such clarity, at least within the US, through a standard definition. We also expect continued enforcement from the U.S. Federal Trade Commission through litigation and other enforcement activities as they relate to IoT device security.

To learn more about the regulation of IoT and to help answer questions about related trends, we interviewed Donna McPartland and Shamim Mohandessi from Han Santos, PLLC, and Larry O’Connell from Sequitur Labs, Inc.

Read the full article HERE.

Most of these [IoT] devices are being deployed without acceptable levels of security—about half of device vendors experienced a data breach at least once.

Company Details

Han Santos is a full-service, minority-owned, technology business law firm. Its core counseling team of legal experts includes highly skilled professionals who are passionate about offering innovative solutions to clients to protect their proprietary assets and drive winning deals. 

Donna McPartland
Of Counsel | Privacy & Data Security
Shamim Mohandessi
Senior Associate Attorney | Corporate & Securities