After the Mirai botnet strike, Congress is proposing legislations for The Internet of Things (IoT) through the Cybersecurity Act.

Congress Proposes Internet of Things Legislation

The 2016 Mirai botnet strike used the Internet of Things (“IoT”) to launch denial-of-service attacks against Twitter, PayPal, Netflix and several other technology-based entities. The IoT is a system of interrelated web-connected objects and devices that does not require human-to-human or human-to-computer interaction.

In the aftermath of Mirai, Congress is taking an important first step. A bipartisan bill, The Internet of Things Cybersecurity Act of 2017, was introduced by U.S. senators Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-OR), and Steve Daines (R-MT).  The bill provides the following security stipulations for IoT devices purchased by the U.S. government:

  • Vendors of IoT devices purchased by the federal government must provide products that are patchable.
  • Vendors will not use hard-coded passwords.
  • Vendor products must not contain any known security vulnerabilities. 
  • Cybersecurity researchers are exempt from Computer Fraud and Abuse Act and Digital Millennium Copyright Act liability when in engaged in good-faith security research.
  • Each executive agency will inventory all IoT devices in use by the agency.

If enacted, The Internet of Things Cybersecurity Act of 2017 will be narrowly applied to government contractors; it is also expected that these common-sense guidelines will eventually make their way to consumer product manufacturers. Because the act’s requirements are both practical and not overly burdensome, leading technology vendors – such as Mozilla, Symantec and others – have applauded the legislation.

By 2020, the IoT sector is expected to top 20 billion devices worth more than $1 trillion. Government spending alone on IoT products is more than $9 billion annually.


Natasha Roman is a Consulting Services Group Senior Manager experienced in financial statement audits, SSAE 16 compliance audits, tax preparation, reviews and compilations, and payroll audits.

Contact Natasha

* Required