The House recently passed the IoT Cybersecurity Improvement Act of 2020, requiring IoT devices purchased by the government to meet minimum security requirements based on guidelines developed by the National Institute of Standards and Technology (NIST).
Any time there is an initiative around improving cybersecurity for IoT devices, independent of industry, it helps the collective market challenge the current state and think deeper about best practices around encryption and authentication for this growing population of connected things. We frequently hear about hackers who take advantage of weaknesses in IoT security, maliciously taking control of smart home devices for DDoS attacks or changing functionality of medical devices. The only way to improve our security posture is to design a robust security architecture around our entire IoT systems. Guidelines provided by NIST or other standards groups can really make an impact in how we design security into IoT devices from inception and provide a method to manage authentication and encryption around the IoT device data and functionality over time.