California just became the first state with an Internet of Things cybersecurity law

California Governor Jerry Brown has signed a cybersecurity bill covering "smart" devices, making California the first state to have such a law. The bill, SB-327, was introduced last year and passed the state Senate at the end of August.

Beginning January 1, 2020, any manufacturer of a device that connects "directly or indirectly" to the Internet must equip it with "reasonable" security features designed to prevent unauthorized access, modification, or disclosure of information. If the device can be accessed with a password from outside the local area network, it must either ship with a password unique to each device or require users to set their own password the first time they connect. This means there are no generic default credentials for a hacker to guess.

The bill has been praised by some as a good first step and criticized by others for its ambiguity. Cybersecurity expert Robert Graham is one of its harshest critics. He argued that it gets the security problem backwards by focusing on adding "good" features instead of removing the bad ones that open devices up to attack. He praised the password requirement, but said it does not cover the full range of authentication systems that might or might not be called "passwords," which could still let manufacturers leave the kind of security holes that enabled the Mirai botnet in 2016.

But others, including Harvard University fellow Bruce Schneier, said it was a good start. "It will not go far enough, but that is no reason not to pass it," he told The Washington Post. While the law applies only within the state, device manufacturers that sell products in California will pass these benefits on to customers elsewhere.

Several Internet of Things-related bills have been introduced in Congress, but none has come to a vote. The IoT Cybersecurity Improvement Act of 2017 would set minimum security standards for connected devices purchased by the government, but not for electronic devices in general. The IoT Consumer TIPS Act of 2017 would direct the Federal Trade Commission to develop educational resources for consumers about connected devices, and the SMART IoT Act would require the Department of Commerce to conduct a study of the state of the industry.