[co-author: Adam Cohen]
Background
Growing awareness regarding cybersecurity concerns with the Internet of Things (IoT) has achieved a milestone with the promulgation of the IoT Cybersecurity Improvement Act (the Act), which was signed into law by President Donald Trump on December 4, 2020. The Act requires the development, adoption and implementation of security standards for IoT devices by the federal government. Government contractors now have a new set of obligations relating to IoT cybersecurity compliance. Although the Act is the first federal law specifically targeting IoT cybersecurity, a California law requiring “reasonable” and “appropriate” IoT cybersecurity took effect January 1, 2020, and the U.K. also has IoT cybersecurity regulatory efforts underway. The Act was written in response to major distributed denial of service (DDoS) attacks, including one in 2016 in which the Mirai malware variant was used to compromise tens of thousands of IoT devices, orchestrati