IoT Cybersecurity Improvement Act - IoT Secure

IoT Cybersecurity Improvement Act

IoT Cybersecurity Improvement Act

Since August of 2017 the U.S. Congress has been working on a new internet of things security bill designated S.1691, Internet of Things (IoT) Cybersecurity Improvement Act. The U.S. government is not known for being timely, so if they recommend security measures on connected devices, it is long past time for every organization to take action. Unfortunately, this new law does not cover consumer or even enterprise-grade connected devices, so the law doesn’t protect consumers or corporations.

About the IoT Cybersecurity Improvement Act

The new IoT Cybersecurity Improvement Act does require all connected devices purchased for use in a government agency or by a federal contractor to meet minimum security requirements. This law is great news for the security of government and critical infrastructure verticals. For everything else, it leaves a lot to be desired. At best, we will see a ripple effect in the enterprise world that may force the industry to adopt these updated security standards.

This bill was introduced and eventually passed as a reaction to increasingly vulnerable connected systems that are used more every day in every type of organization. Highlights of the IoT Cybersecurity Improvement Act include:

  • Requires the National Institute of Standards and Technology (NIST) to publish standards and guidelines on the use and management of IoT devices by the federal government, including minimum information security requirements for managing cybersecurity risks associated with IoT devices.
  • Directs the Office of Management and Budget (OMB) to review federal government information security policies and make any necessary changes to ensure they are consistent with NIST’s recommendations.
  • Requires NIST and OMB to update IoT security standards, guidelines, and policies at least once every five years.
  • Prohibits the procurement or use by federal agencies of IoT devices that do not comply with these security requirements, subject to a waiver process for devices necessary for national security, needed for research, or that are secured using alternative and effective methods.
  • Requires NIST to publish guidelines for reporting security vulnerabilities relating to federal agency information systems, including IoT devices.
  • Directs OMB to develop and implement policies necessary to address security vulnerabilities relating to federal agency information systems, including IoT devices, consistent with NIST’s published guidelines.
  • Requires contractors providing IoT devices to the U.S. government to adopt coordinated vulnerability disclosure policies, so that if a vulnerability is uncovered, that information is disseminated.

IoT Cybersecurity Improvement Act Leaves Room for Improvement for Enterprises

While technically legacy systems are exempt, the need to secure these connected devices is no less pressing. The truth is that the vast majority of IoT, ICS and other connected devices is that they are unlikely to be patched – ever. Many devices shipping today arrive vulnerable to severe flaws. So, while not perfect, the new IoT Cybersecurity Improvement Act is a great first step in actually improving IoT security at scale.

IoT Cybersecurity and IoT Secure

IoT Secure IoT Security Tools provide at least 5 key capabilities recommended by NIST regardless of the IoT and ICS systems’ age or patch-level, including:

  1. Gain Visibility: Obtain and maintain an accurate and current inventory of all connected devices. Most asset inventory tools require either a SPAN or TAP connection and will intercept all traffic to identify new devices. IoT Secure does NOT require any such connection. You simply plug the ethernet cable into any active ethernet port, and IoT Secure will do the rest.
  2. Understand behaviors: Know how all devices are behaving and what other parts of the network they are – or can – communicate with at all times. IoT Secure combines a massive proprietary database of known device behavior and services with its proprietary machine learning algorithms to find new or previously unidentified systems. Additionally, IoT Secure monitors and blocks malicious behavior by connected devices it is managing.
  3. Centralize management: Identify and leverage a single dashboard that allows tracking and investigating at-risk devices. IoT Secure has a user-accessible dashboard with real-time findings and data from the device. Additionally, admins can easily link this information into SIEM software.
  4. Implement segmentation: Control — and limit — at-risk device connections through segmentation. IoT Secure monitors all devices connected to the network and either recommends or implements logical segmentation on any devices that need to be separate from the primary network.
  5. Establish continuous monitoring: Get timely notifications of new devices, offline devices, potential risks and threats. IoT Secure is a continuous monitoring solution that helps manage previously unmanaged devices and provides timely and useful notifications.

As IoT security threats continue to increase, now is the time to make sure you’re managing all devices connected to your corporate networks. IoT Secure can help — and you can request a FREE analysis of what’s on your network today with the IoT Secure IoT-mini.

Get Blog Updates

Start your IoT Security Journey

Request a demo

Let our product experts show how IoT addresses you critical use cases.

Get a Demo

Request an Assessment

Get a no-obligation, free assessment for your business. identify assets and the risks they bring.

Get an Assessment

Get Blog Updates


submit your email to access the case study

    submit your email to access the case study

      submit the information below