U.S. Senate's IoT Cybersecurity Act: A Catalyst for Secure Smart Devices

Steve Brumer, 151 Advisors

In August, we highlighted how U.S. senators are pushing for stricter IoT security. The draft bill, the IoT Cybersecurity Improvement Act, mandates that smart devices meet essential safeguards before being deployed by government agencies.

Under the Act, the White House Office of Management and Budget (OMB) must establish network‑level security standards for IoT devices—defined as physical objects that connect to the internet and can collect, send, or receive data. Executive agencies will also be required to maintain a comprehensive inventory of all connected devices they use.

Steve Brumer, partner at 151 Advisors—a global advisory and execution firm specializing in mobility, IoT, smart cities, security, and cloud‑based technologies—explains to Jeremy Cowan that regulation often benefits business by creating new demand for security solutions. “When government agencies allocate budgets for IoT security, it forces the market to innovate,” Brumer says. “Security spending has historically been reactive, but high‑profile breaches—such as Target and Sony—have forced companies to invest.”

Brumer notes that the biggest threat remains unpatched vulnerabilities. “Hackers exploit known flaws that should have been fixed, yet many devices remain out of date,” he adds, citing the WannaCry incident as evidence of widespread neglect.

Will Government Funding Drive Safer IoT Tools?

He believes that public investment will provide security firms the capital to develop cost‑effective solutions in the coming years. However, without global standards, this approach risks becoming a temporary fix rather than a lasting improvement.

IoT Now asked Brumer whether new cybersecurity regulations will automatically translate into better IoT security as federal agencies increase spending on protective solutions.

He answers affirmatively, adding a caveat: “The new regulations signal to the private sector that IoT security is now a federal priority, compelling adherence to standards that will raise overall protection levels.”

Security: The Most Immediate IoT Challenge

Mike Bell, EVP of Devices & IoT at Canonical, emphasizes the importance of device security. “A recent Canonical survey found that 45% of IoT professionals view better device security as their top priority,” Bell says. “Remote patching is essential to close vulnerabilities quickly, safely, and without disruption.”

Canonical has invested in Ubuntu Core’s built‑in remote patching to meet this need. With U.S. government IoT spending reaching nearly $9 billion in 2015, any new congressional standards are poised to impact both enterprise and consumer vendors, Bell adds.

Knud Lasse Lueth, managing director at IoT Analytics GmbH, also shares his view. “Legislation such as this bill can accelerate improvements in IoT security,” he says. “Our research indicates that at least 150 security vendors could benefit directly.”

Currently, security expenditure for IoT projects occupies less than 1% of total project costs—a figure that should rise given the severe consequences of breaches. Emphasis on patch management, especially after Mirai and WannaCry incidents, is critical, Lueth stresses.