The Oregon Biz Report - Business News from Oregon

Read about accutane journal moderate acne here

CA passes nation’s first ‘Internet of Things’ law

October 30, 2018


By David Rice
Miller, Nash, Graham and Dunn,
NW Law firm,

California has enacted the nation’s first law regulating Internet of Things (IoT) devices, which was signed by Governor Jerry Brown on September 28, 2018. IoT refers to the rapidly-expanding world of internet-connected objects such as home security systems, video monitors, enterprise devices that track packages and vehicles, health monitors, connected cars, smart city devices that manage traffic congestion, and smart meters for utilities.

IoT devices promise to bring efficiencies to a broad range of industries and improve lives. But these devices also collect vast troves of information, and this raises data security and privacy concerns. In 2016, a distributed denial of service (DDoS) attack on the internet infrastructure company Dyn was powered by millions of hacked IoT devices such as web cameras and connected refrigerators. Hackers have used baby monitors to view inside homes, with a prominent recent example being the widely-deployed Mi-Cam baby monitor. If hackers are able to get into critical IoT systems in first responder networks, then there could be public safety risks.

The most obvious vulnerabilities with IoT devices used by consumers are easily-guessed default passwords and weak authentication. Consumers rarely change default passwords because they do not know how to or because the user interface is confusing or hard to access.

California has responded by enacting a law (SB-327) that addresses some vulnerabilities. As a broad measure, the law requires manufacturers to equip IoT devices with “a reasonable security feature or features” that are appropriate to the nature and function of the device; appropriate to the information it may collect, contain or transmit; and designed to protect the devices and information on them from unauthorized access or disclosure.

The law states that having a unique preprogrammed password for each IoT device or requiring the user to generate a new means of authentication before access to the device is granted for the first time is deemed to be a reasonable security feature. There are some exceptions, but this should cover many consumer-grade IoT devices. The law goes into effect on January 1, 2020. There is no private right of action, and the law will instead be enforced by the state Attorney General and local authorities.

Will this increase the security of IoT devices? It probably will to some degree. The law only applies to devices that are sold or offered for sale in California, but due to the size of the California market it could become a national standard for manufacturers. On the other hand, IoT devices have additional vulnerabilities that are not addressed. Overall, it is likely the start of initiatives in other states and the federal government to bring greater security to IoT. Hopefully those measures will promote security without slowing innovation in this exciting industry.

  
Print This Post Print This Post    Email This Post Email This Post

Discuss this article

no comments yet

Leave a Reply

Your email address will not be published. Required fields are marked *

Please answer the following question to confirm that you are a real person: *

Top Business News

 

Top Natural Resource News

 

Top Faith News

 

Copyright © 2018, OregonReport. All Rights Reserved. | Terms of Use - Copyright - Legal Policy | Contact Oregon Report

--> --> -->