A House lawmaker wants federal agencies to prioritize cybersecurity when buying internet-connected devices.
The Internet of Things Federal Cybersecurity Improvement Act, which Rep. Robin Kelly, D-Ill., plans to introduce next week, would require all internet-connected devices purchased by the government to meet a set of basic cybersecurity standards. The bill would also pressure agencies to avoid using so-called lowest technically acceptable price criteria when choosing vendors for those devices.
Under the legislation, the government could only buy devices that accept security patches and allow users to change passwords. Vendors would also need to notify agencies of any security vulnerabilities they discover and issue software update as new threats arise.