Skip to main content

California just became the first state with an Internet of Things cybersecurity law

By

California Governor Jerry Brown has signed a cybersecurity law covering “smart” devices, making California the first state with such a law. The bill, SB-327, was introduced last year and passed the state senate in late August.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

The bill has been praised as a good first step by some and criticized by others for its vagueness. Cybersecurity expert Robert Graham has been one of its harshest critics. He’s argued that it gets security issues backwards by focusing on adding “good” features instead of removing bad ones that open devices up to attacks. He praised the password requirement, but said it doesn’t cover the whole range of authentication systems that “may or may not be called passwords,” which could still let manufacturers leave the kind of security holes that allowed the devastating Mirai botnet to spread in 2016.

But others, including Harvard University fellow Bruce Schneier, have said that it’s a good start. “It probably doesn’t go far enough — but that’s no reason not to pass it,” he told The Washington Post. While the rule is only state-wide, any device-makers who sell products in California would pass the benefits on to customers elsewhere.

Several Internet of Things-related bills have been introduced in Congress, but none have made it to a vote. The IoT Cybersecurity Improvement Act of 2017 would set minimum security standards for connected devices purchased by the government, but not electronics in general. Taking a separate track, the IoT Consumer TIPS Act of 2017 would direct the Federal Trade Commission to develop educational resources for consumers around connected devices, and the SMART IoT Act would require the Department of Commerce to conduct a study on the state of the industry.



from The Verge - Teches https://ift.tt/2QfN7QU
Labels:

Comments

Post a Comment

Popular posts from this blog

Magic Leap is shipping across (most of) the US

By
As Magic Leap holds the first developer conference for its Magic Leap One mixed reality headset, that headset has started shipping across the contiguous United States, instead of in a set of select markets. The Magic Leap One Creator Edition costs $2,295, just like before, but there’s now an installment plan that starts at $96 per month. All orders are supposed to arrive within 60 days. The Magic Leap One Creator Edition went on sale in early August, and while Magic Leap has touted it as a fully functional device, it’s basically meant for people who want to design apps, games, or art for mixed reality. We were ambivalent toward the hardware, which we found limited, and we noted that Magic Leap hadn’t shown off a lot of material that showcased its potential. The company’s developer conference keynote has revealed several new projects. Among other things, Spider-Man studio Insomniac Games is building an experience that will let you grow a holographic creature on your tabletop, and...
Post a Comment
Read more

The company behind the adorably doomed robot Kuri is shutting down

By
Less than a month after Mayfield Robotics said it was stopping production on its Kuri home robot, the company announced today on its blog that the company will be shutting down. Mayfield Robotics launched in 2015 as part of Bosch’s Startup Platform, but struggled to integrate with and find a business fit within Bosch. Since the cancellation of its Kuri robot, Mayfield Robotics had been looking for external partners for long-term technology development, but was unable to find investment to support its future. The company will cease all operations by October 31st. We first met Kuri at CES 2017, and it wasn’t yet able to showcase all the features it was promised to have in the future. The robot was supposed to have smart assistant functionalities like an Amazon Echo, but with a much cuter face and movable body. Promo videos showed it working as a moving home security camera that was controllable through the Kuri app, but in the demonstration we saw, it only had as much functionality a...
Post a Comment
Read more

Amazon’s plans for a New York office are under new scrutiny

By
A month ago, when Amazon announced that it would build regional offices in New York and Virginia at great expense to the taxpayers there, I wrote that it had misunderstood the moment : Perhaps the furor over Amazon’s regional offices will blow over. But it’s hard not to feel today as if the company misread the room — overestimating the public’s appetite for a billion-dollar giveaway to one of the world’s biggest companies, and underestimating the public’s ability to raise hell on- and offline. Amazon may yet feel that pain, in the long run. Today, Amazon met the room: 150 protesters who showed up to the first New York City Council hearing about the plan. According to reports from the scene, demonstrators’ concerns start with the $3 billion in incentives that New York plans to give Amazon in exchange for locating there — and, it says, creating 25,000 jobs. Here’s Leticia Miranda in BuzzFeed : ”You’re worth a trillion dollars,” New York City Council Speaker Corey Johnson told the ...
Post a Comment
Read more