California passes nation’s first IoT security bill
As it has done with the issues of online privacy and restoring net neutrality, California becomes the first state to act to secure the Internet of Things. It’s back to the future time again for California. Having adopted the nation’s toughest online privacy protection measure and restored state-level net neutrality protections that are tougher on ISPs than the FCC regulations, the Golden State’s Legislature has just sent a bill to the governor’s desk for signature that would make California the first state to attempt IoT security governance.
SB-327 Information privacy: connected devices introduces security requirements for connected devices sold in the US. It defines them as any device that connects directly or indirectly to the internet and has an IP or Bluetooth address. This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.k