Last month in California a Senate Bill No 327 was signed by the governor. It’s the first law in the U.S. mandating the Internet of Things (IoT) device producers or manufactures to have security provisions. The new California law states that all the connected devices must be manufactured with reasonable security features.
For many IoT device manufactures it means that need to start providing unique preprogrammed device passwords instead of earlier default passwords. Many IoT device manufacturers now have to embed a system to authenticate the user before the access is granted to the device for the first time.
The existing law already compels businesses to implement and maintain cyber security procedure according to the data collection and classification. The new Senate Bill No 327 focuses on the device protection. The critics have however said the law lacks the basic underlying procedure that is needed to protect the data and devices, the requirements are vague, neglect encryption and don’t address the bad practices.
The poorly secured IoT device used in destructive Dyn Cyber-attack which were caused due to Mirai botnet that led to many websites slowing down, or totally inaccessible. The new California law will be implemented by 2020 and will we see any impact of the law still needs to be seen. As the Internet of Things is now becoming an inevitable part of everyday life, people outside information security sectors are concerned with the implications of using such devices into daily lives.