Cyber Law
Below is a scenario of me being a legislative research aide.
To: Representative Tito Canduit, 26th District of Virginia
From: Josiah Marshall, Legislative Research Aide
Date: 11/22/2024
Subject: Cybersecurity Research Memo – IoT Cybersecurity Improvement Act of 2020
The Internet of Things (IoT) Cybersecurity Improvement Act of 2020 is a federal law
signed by President Donald J. Trump on December 4, 2020. The law
aims to help federal agencies improve the cybersecurity of their internet-connected devices. It
mandates that IoT devices purchased by the federal government meet minimum security standards
set by the National Institute of Standards and Technology (NIST). These standards focus on secure
development, identity management, configuration management, and patching. Contractors
supplying IoT devices to federal agencies must ensure their products meet NIST’s guidelines.
Devices must also be assessed to ensure compliance and to address
new cybersecurity risks. Lastly, federal agencies are required to establish processes for
identifying and resolving vulnerabilities in the IoT devices they use.
The problem is that IoT devices such as sensors, smart cameras, and connected medical
devices have become more widely used in recent years. In 2020 there were about 31 billion IoT devices
worldwide. These devices often have no security features, which makes them easy to attack. A
notable example is the 2016 Mirai botnet attack, which harnessed unsecured IoT devices
to create a massive distributed denial-of-service (DDoS) attack that disrupted major websites.
This presents not only security risks in general, but also risks to the federal government. As I stated earlier,
healthcare, the Department of Defense and other big federal agencies use IoT devices. An attack
on these systems could jeopardize national security. Because of this, growing threats are emerging
in different countries, because threat actors know IoT devices can be used to take advantage of national
security. However, this law responds to public concerns about cybersecurity and ransomware
incidents. It also aims to set a precedent for improving security standards across the private
sector.
The strength of this law is that it establishes at least minimal security measures
and reduces the risk of attackers exploiting poorly secured IoT devices in federal systems. It also
promotes secure design in the IoT devices being made and encourages better approaches in
general. However, this law could be improved by covering IoT devices as a whole. It only covers
the IoT devices used by federal agencies, which are a small portion of all IoT devices. The law
also needs to educate the public about why IoT devices need to be secure and to include penalties for devices that are not
properly secured.
One voter-focused observation is the economic impact. The law would encourage
better innovation by incentivizing companies to develop more secure products. This would be a
plus for voters focused on economic growth and jobs in the technology industry. It would also
set a benchmark for private companies and benefit consumers by raising the bar for IoT security.
To strengthen your position on cybersecurity, Representative Canduit, I recommend that you
consider supporting or proposing laws that extend IoT security standards to
businesses to help consumers. You should also suggest partnerships with governments and
industry leaders to improve IoT security in general. The last thing you should consider is
pushing for laws that continue to support technological advancement in general and that fund
security research to keep watch for cybersecurity threats.
Sincerely,
Josiah Marshall
Sources:
https://www.congress.gov/bill/116th-congress/house-bill/1668
https://www.csoonline.com/article/568801/2020-outlook-for-cybersecurity-legislation.html
https://www.nist.gov/internet-things-iot