Last week, we told you that President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The Act is the first of its kind at the federal level, aimed at protecting the security of IoT devices and services in the marketplace. The Act governs federal purchases of IoT devices and services but is intended to leverage the purchasing power of the federal government to affect the broader IoT market indirectly.  Thus, without (yet) setting standards for all IoT devices and services, the legislation nevertheless is significant whether or not a company sells its product to the government.

Continue Reading NIST Wastes No Time in Implementing the IoT Cybersecurity Act of 2020

On December 4, 2020, President Trump signed bipartisan legislation establishing minimum security requirements for Internet of Things (“IoT”) devices used by the federal government. The legislation, H.R. 1668, passed the House in September and the Senate in November.

The Internet of Things Cybersecurity Improvement Act of 2020 draws upon work that the National Institute of Standards and Technology (“NIST”) has been doing to address cybersecurity for IoT devices. Referencing work done over the Summer on IoT Device Cybersecurity, the Act directs NIST to issue standards for the “appropriate use and management” of IoT devices owned or controlled by federal agencies. NIST, which already was working on the federal profile of IoT uses, is directed to issue these guideline by March 4, 2021. Within 6 months of that date, the Office of Management and Budget is to review agency information security policies and principles based upon NIST’s guidelines. And, adding a hammer to the incentives, federal government acquisition standards are to be revised to implement these standards. In other words, federal contractors will be required to adhere to the NIST standards in IoT devices sold to the federal government.


Continue Reading President Signs IoT Cybersecurity Act of 2020

Americans who lack high-speed broadband internet access are caught on the wrong side of the “Digital Divide,” with students facing a “homework gap” and adults, and even entire communities, facing an “opportunity gap” that impacts everything from jobs, education, and healthcare to sustainability and well-being. In this episode of Kelley Drye’s Legal Download,

Join Partner Steve Augustino and the FCBA’s Internet of Things committee for “Furthering U.S. Drone Operations: An Update on FAA and Spectrum Policy Developments,” a virtual CLE on Monday, June 15th from 3:00  – 5:10 p.m. Steve will moderate the first of two panels. His session,  “Furthering UAS Deployment in U.S. Airspace,” will provide an

On February 28, 2020, at its Open Meeting, the FCC voted to commence a rulemaking to examine the rebalancing of many technical rules governing the deployment of fixed and certain mobile, unlicensed white space devices in the television bands (in and around the 600 MHz range) to increase opportunities for relatively long-distance connectivity in rural and underserved areas, such as for wireless broadband solutions or applications associated with the Internet of Things (“IoT”), although there are no application restrictions on white space devices per se. The rule changes are proposed only in those frequencies below TV channel 35, and so exclude the 600 MHz duplex gap and the 600 MHz service band. The text of the Notice of Proposed Rulemaking (“NPRM”) was promptly released on March 2. Comments are due 30 days after Federal Register publication with replies due sixty days after publication, which has not yet occurred.

Continue Reading FCC Opens Proceeding to Reinvigorate Opportunities for TV White Space Devices

From smart homes and self-driving vehicles to drones and healthcare monitoring, Internet of Things (IoT) capabilities are a hot topic for both manufacturers and consumers. The most recent episode of Kelley Drye’s Full Spectrum podcast spotlights one of the key areas for everyone involved – maintaining security of IoT devices. Partners John Heitmann and Steve

At the end of July, the National Institute for Standards and Technology (“NIST”) released draft cybersecurity guidance for IoT device manufacturers. The document, titled Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, is intended, according to NIST, identify the cybersecurity features that IoT devices should have “to make them at least minimally securable by the individuals and organizations who acquire and use them.” The NIST document is not a rule or requirement for IoT devices, but rather is a continuation of NIST’s effort to foster the development and application of voluntary standards, guidelines, and related tools to improve the cybersecurity of connected devices.

NIST is seeking comment on the document through September 30 of this year and it held a workshop in August for interested parties to discuss the document. In a prior post, I blogged on takeaways from that workshop. Now, it’s time to take a closer look at the NIST document itself.


Continue Reading Securing IoT Devices (Part 2): Inside the NIST Guidance Document for IoT Device Manufacturers

Connected devices already are making headway into business and consumer markets. “Smart” speakers, video doorbells, remote programmable thermostats and other devices are increasing in popularity in homes across the United States. Major automakers and startups are pursuing self-driving cars and the “passenger economy.” Businesses are using IoT capabilities to enhance preventive maintenance, to track assets through the production cycle and to gain insights into consumer behavior.

Now, the federal government is trying to provide resources for businesses engaged in the Internet of Things (“IoT”) economy. Building on guidelines it established for cybersecurity generally and IoT cybersecurity specifically, the National Institute for Standards and Technology (“NIST”), a division of the U.S. Department of Commerce, held a workshop for manufacturers on securing IoT devices. I attended the workshop and these are my principal takeaways from the meeting.


Continue Reading Securing IoT Devices: Lessons from a NIST Workshop

By unanimous vote, the FCC launched a rulemaking this past week to consider allocating the 1675-1680 MHz band for co-primary use by flexible commercial terrestrial fixed and mobile operators with incumbent federal operators. The Notice of Proposed Rulemaking (“NPRM”), released on Monday, May 13, is, in many fundamental ways, similar to a proposal Ligado first made in a 2012 petition for rulemaking, with adjustments over the years, seeking to allow terrestrial mobile operations in the 1675-1680 MHz band.

Continue Reading FCC Starts Rulemaking on Commercial Mobile Access in 1675-1680 MHz Band, Similar to 2012 Ligado Petition