California Governor Jerry Brown recently signed a bill to regulate the cyber security standards of connected devices. With this bill (SB 327), California is set to have the toughest Internet of Things (IoT) standards in the United States. It’s the first state with such a law.
Introduced last year and passed in the state senate in late August, SB 327 goes into effect January 1, 2020. It requires a level of reasonable security on any IoT devices, defined as anything capable of connecting to the internet with a Bluetooth connection or internet protocol. Devices will be required to come preloaded with unique passwords or to force users to create new passwords before first-time access. This feature prevents unauthorized access, modification or information disclosure, as there would be no more generic default credentials for hackers to guess.
It’s not clear how businesses will comply with the state law, since many device manufacturers will still lack the knowledge to enforce the new standards. More specific requirements, such as two-factor authentication or use of a virtual private network, would help, but wouldn’t solve the root problem of educating users.
Why Do We Need It?
Currently, IoT devices are easy targets for hackers, according to cyber security experts. A report published by IBM Security and Threatcare showed that users of devices that control public infrastructure systems don’t change factory default passwords, many of which can be found online with relative ease.
Several IoT-related bills have been introduced in Congress before, but none have made it to a vote. These include:
- The IoT Cybersecurity Improvement Act of 2017, which would set minimum security standards for connected devices purchased by the government, but not electronics in general.
- The IoT Consumer TIPS Act of 2017, which would direct the Federal Trade Commission to develop educational resources for consumers around connected devices.
- The SMART IoT Act, which would require the Department of Commerce to conduct a study on the state of the industry.
As IoT technology advances, so do cyber threats. Learn more about the IoT and prepare to fight cyber attacks with organizational training. The IEEE Guide to the Internet of Things Program is a series of eight training courses designed to provide the foundational knowledge necessary to prepare for the IoT. Additionally, our two cutting-edge online training programs, Cyber Security Tools for Today’s Environment and Hacking Your Company: Ethical Solutions to Defeat Cyber Attacks, are available to help ensure everyone in your organization understands the basics of cyber security.
Johnston, Ryan. (1 Oct 2018). California governor signs ‘internet of things’ cybersecurity bill. StateScoop.
Robertson, Adi. (28 Sept 2018). California just became the first state with an Internet of Things cybersecurity law. The Verge.