The act will establish a set of minimum security requirements for IoT devices procured by the federal government. Requirements include reporting any vulnerabilities and receiving software updates. The bill will also provide safeguards for cybersecurity researchers.
One key point Long points out is the broad definitions of IoT devices and security vulnerabilities. Long stated “it is something industry should be worried about” but is confident both will be further defined as the bill goes through Congress.
Another detail that needs to be determined, according to Long, is where the information regarding vulnerabilities is to be housed.
That information “needs to be stored in a secure place,” she said. “That is information that our adversaries would want.”
Long said the act is “a step in the right direction” and hopes it will be successful enough in the federal government to be applied to the consumer market as well.
To watch the full interview, click here.