Skip to main content

California just became the first state with an Internet of Things cybersecurity law

By

California Governor Jerry Brown has signed a cybersecurity law covering “smart” devices, making California the first state with such a law. The bill, SB-327, was introduced last year and passed the state senate in late August.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

The bill has been praised as a good first step by some and criticized by others for its vagueness. Cybersecurity expert Robert Graham has been one of its harshest critics. He’s argued that it gets security issues backwards by focusing on adding “good” features instead of removing bad ones that open devices up to attacks. He praised the password requirement, but said it doesn’t cover the whole range of authentication systems that “may or may not be called passwords,” which could still let manufacturers leave the kind of security holes that allowed the devastating Mirai botnet to spread in 2016.

But others, including Harvard University fellow Bruce Schneier, have said that it’s a good start. “It probably doesn’t go far enough — but that’s no reason not to pass it,” he told The Washington Post. While the rule is only state-wide, any device-makers who sell products in California would pass the benefits on to customers elsewhere.

Several Internet of Things-related bills have been introduced in Congress, but none have made it to a vote. The IoT Cybersecurity Improvement Act of 2017 would set minimum security standards for connected devices purchased by the government, but not electronics in general. Taking a separate track, the IoT Consumer TIPS Act of 2017 would direct the Federal Trade Commission to develop educational resources for consumers around connected devices, and the SMART IoT Act would require the Department of Commerce to conduct a study on the state of the industry.



from The Verge - Teches https://ift.tt/2QfN7QU
Labels:

Comments

Post a Comment

Popular posts from this blog

Firefox is testing features that let you customize colors and view two tabs in one

By
Mozilla Firefox is testing out two new experimental extensions that let users further customize their browser and view tabs together more easily. The first one is called Firefox Color and it lets you change the colors of the background, text, icons, and the toolbar. Whatever you change can be saved and you can also choose to share your color schemes with others. Firefox also has a selection of pre-made color themes that you can choose from if you don’t want to customize every single color yourself. The second feature that Firefox is testing is called Side View and it does basically what it sounds like: you can view two browser tabs at once in the same tab and window. Without the feature, you can already line up two windows side by... Continue reading… from The Verge - All Posts https://ift.tt/2LZWa7h
Post a Comment
Read more

Telecom news

By
Telecom regulators from India and the EU met this week to announced their common understanding of the "building blocks of net neutrality rules". from RSS Feeds | TELECOM - RSS Feed - NDTV Gadgets360.com https://ift.tt/2ydtFjN
Post a Comment
Read more