The recent enactment of the “Internet of Things Cybersecurity Improvement Act of 2020” (the “Act”) promises new scrutiny of security in the Internet of Things (“IoT”)—the broad array of connected devices that are increasingly integrated into every aspect of modern life. This important legislation provides for the creation of IoT security guidelines for devices sold to federal agencies and their management by agencies as well as the establishment of guidelines for vulnerability disclosure. Though focused on IoT devices purchased by the federal government, this legislation is likely to have significant consequences for IoT manufacturers across the economy. It also likely will have important implications for enterprise cybersecurity through its vulnerability disclosure provisions.

Continue reading.