The Internet of Things (IoT) has expanded to 10 billion devices in current use, with over 25 billion expected in the next five years. Security is a major concern; many devices are open to hacking which could expose major networks to cyber breaches.
Congress has now passed the IoT Cybersecurity Improvement Act, which directs the National Institute of Standards & Technology (NIST) to develop minimum information security requirements for managing IoT security risks. NIST is required to take current standards and best practices into account, and develop guidelines for how federal agencies should manage and resolve cybersecurity vulnerabilities, and how contractors and subcontractors should receive and disseminate information about them.
As this outline shows, the Act is only a start. Manufacturers may not comply with requirements, and the federal government's response to the recent cyber breach does not inspire confidence. Still, having industry standards gives consumers a basis for comparison and hopefully will lead to more concern about IoT security.