The Business Of Security Podcast #33 – IoT Security in the US Federal Government

In this episode, guest Drew Spaniel walks us through a new law passed in late 2020, The IoT Cybersecurity Improvement Act of 2020 (HR 1668), and how if will affect not just US federal government procurement, but IoT device manufacturers, and consumers as well.

The Act calls for IoT devices to be secured by manufacturers based on NIST guidance and cybersecurity best practices. From the Congessional Budget Office:

“Under H.R. 1668, NIST also would publish standards for federal agencies, contractors, and vendors to systematically report and resolve security vulnerabilities for IoT devices. Each agency’s chief information officer would be required to ensure compliance. OMB would establish federal standards for that coordinated reporting process that are consistent with NIST’s standards and guidelines.”

Drew Spaniel, Lead Researcher, ICIT (Institute for Critical Infrastructure Technology)

Malcolm Harkins, Chief Security and Trust Officer, Cymatic
Chad Boeckmann, Founder/CEO, TrustMAPP