Skip to main content

California just became the first state with an Internet of Things cybersecurity law

By

California Governor Jerry Brown has signed a cybersecurity law covering “smart” devices, making California the first state with such a law. The bill, SB-327, was introduced last year and passed the state senate in late August.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

The bill has been praised as a good first step by some and criticized by others for its vagueness. Cybersecurity expert Robert Graham has been one of its harshest critics. He’s argued that it gets security issues backwards by focusing on adding “good” features instead of removing bad ones that open devices up to attacks. He praised the password requirement, but said it doesn’t cover the whole range of authentication systems that “may or may not be called passwords,” which could still let manufacturers leave the kind of security holes that allowed the devastating Mirai botnet to spread in 2016.

But others, including Harvard University fellow Bruce Schneier, have said that it’s a good start. “It probably doesn’t go far enough — but that’s no reason not to pass it,” he told The Washington Post. While the rule is only state-wide, any device-makers who sell products in California would pass the benefits on to customers elsewhere.

Several Internet of Things-related bills have been introduced in Congress, but none have made it to a vote. The IoT Cybersecurity Improvement Act of 2017 would set minimum security standards for connected devices purchased by the government, but not electronics in general. Taking a separate track, the IoT Consumer TIPS Act of 2017 would direct the Federal Trade Commission to develop educational resources for consumers around connected devices, and the SMART IoT Act would require the Department of Commerce to conduct a study on the state of the industry.



from The Verge - Teches https://ift.tt/2QfN7QU
Labels:

Comments

Post a Comment

Popular posts from this blog

How to install Fortnite on Android

By
Epic Games launched its battle royale hit Fortnite on Android devices last week with a big catch: it was exclusive to Samsung-made phones for a few days as a way to help market the new Samsung Galaxy Note 9. Now, the exclusivity period appears to be over, and beta invite codes are going out to select users of non-Samsung phones like the Google Pixel 2 XL. If you’re itching to dive off the battle bus on mobile, you might have to hold on just a little while longer: there appears to be a waiting list, just like there was when the game launched on iOS. There’s also a bit of trickiness involving exactly how you get the app because Epic announced it would be distributing the Android version of Fortnite on its own terms . Last week, the app was distributed through Samsung’s app store, and Epic is using its own website and a Fortnite Installer program to distribute the game more widely on all compatible Android devices. (Epic CEO Tim Sweeney said this is basically to avoid paying Google...
Post a Comment
Read more

Apple’s Siri Shortcuts app now available for iOS 12

By
Apple is making Siri a lot more powerful in both iOS 12 and watchOS 5. Siri’s new Shortcuts feature is now available to download for iOS 12 users, and it allows iPhone and Apple Watch users to use Siri to step through multistep routines. Shortcuts replaces the previous Workflow app that Apple acquired last year, and is designed to allow you to create custom commands in Siri that launch apps or combine a number of actions in a similar way to IFTTT. You can do things like tell Siri you’re “watching a movie” and the digital assistant will switch your phone to do not disturb. A number of app developers are also launching their own custom Siri shortcuts with iOS 12, which will help the assistant display more information when you create a custom phrase. Citymapper is one of the first big apps with Siri shortcuts support, allowing you to create a shortcut to ask “when’s my next train” and get relevant updates and even platform information. You can download Siri Shortcuts from the App Sto...
Post a Comment
Read more