Mender blog

Good news - The U.S. House Passes the IoT Cybersecurity bill

Recently, the House of Representatives in the United States passed the IoT Cybersecurity Improvement Act of 2020. This is a landmark bill whose goal is to improve the security of IoT devices. Given the bi-partisan support for the bill, it is likely to pass the Senate and soon be put into action. This represents a powerful win for everyone who truly cares about security as we enter an increasingly digital world where the virtual command controls the physical space.

What is this regulation?

In short, this bill will require IoT device vendors to comply with a basic minimum set of security measures. These security measures include things like vulnerability scanning and security patching, not using hard-coded passwords, and so on. If you want all the details on this new regulation, please check out the legislation pages on Congress.gov.

Once enacted, the US Federal government will only be allowed to purchase IoT devices from vendors that comply with this regulation. This means that unless a vendor can prove that it complies with the security measures, the US Federal Government is prohibited from purchasing from them.

The stakes have been raised for vendors as security compliance requirements to participate in the market have just been increased dramatically.

Why is this good news?

There are too many IoT vendors in the market today who are not serious enough about addressing security concerns. These are often vendors with shiny websites and rock-bottom pricing, but with a complete lack of understanding of the very serious security needs of the market at hand. Highly insecure and fragile internet-connected devices are being pushed into the market on a massive scale. Thankfully, this new regulation will put an end to much of this, at least in the US public sector.

Fortunately, there are vendors like Mender, who take security as their prime directive and put you in an enviable position to win more contracts. You will have a distinct competitive advantage over others, who will have to add security measures and play catch-up to you, or else find other marketplaces.

Mender users care inherently about the security of their IoT devices. This valiant and noble attitude has now become a competitive advantage to win deals with the US Federal Government, which is one of the largest purchasers in the world.

Finally, it is the hope that the purchasing power of the US Federal Government is so strong that it will positively impact the private market and buyers as well.

We are moving in the right direction, and the sooner you can ensure proper security measures on connected devices you provide to the market, the better prepared you will be for the future.
