NOV 23, 2020 | US
After Years of Work, Congress Passes ‘Internet of Things’ Cybersecurity Bill — And It’s Kind of a Big Deal
CyberScoop, November 23, 2020
By Tim Starks
Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill. The measure would direct the Commerce Department’s National Institute of Standards and Technology to establish baseline security requirements for any IoT manufacturer that wishes to contract with the federal government, in areas such as patching or identity management. The bill also would require contractors to implement vulnerability disclosure policies.
Absent government action, some researchers and consumer advocates had already experimented with security labeling for IoT devices.
The federal government doesn’t break out its spending on IoT devices, but outside assessments estimate that it spends billions each year, with more to come. But its purchasing influence is only part of the potential leverage the bill brings to bear.
“There will still be IoT manufacturers who don’t sell to the government that may be able to continue to ignore some of these baseline practices,” said Tommy Ross, director of public policy for The Software Alliance, a technology industry group. “I think they will come under increasing scrutiny given that the US government will now be saying these are the baseline practices we expect for any IoT device.”
Original Posting: https://www.cyberscoop.com/congress-iot-cybersecurity-bill-contractors/
BSA |“软件联盟”(www.bsa.org) 是全球软件行业的主要倡导者，旨在代表该行业，向政府和国际市场发声。其成员包括全球最具创新力的公司，这些公司制定的软件解决方案，不但能够刺激经济，还能提升现代生活的品质。
BSA 的总部位于华盛顿特区，其营运机构遍布 30 多个国家。BSA 凭借这些机构，率先涉足合规项目，以期促进使用合法软件、倡导制定公共政策，并以此培养技术创新能力，以及推动发展数字经济。