Last week, California Governor Jerry Brown signed into law SB-327. This will be first U.S. cybersecurity law covering the Internet of Things (IoT): a notoriously porous area of modern endpoint security perimeters.
The California IoT Cybersecurity Law will come into enforcement on January 1, 2020. Here are some of the key takeaways from this brand new law:
- Manufacturers of connected devices like IoT must equip the device with reasonable security features appropriate to the nature and function of the device.
- These IoT security features must be appropriate to the information the device collects, contains, or transmits.
- The security features must protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
- Preprogrammed passwords installed in IoT devices must be unique to each device manufactured.
- If the device does not have a preprogrammed passwords, users must set their own password the first time they connect.
The California IoT Cybersecurity Law has been praised and criticized in equal measure. Those in favor praise the law as a much needed first step to better digital perimeter security. Criticisms tend to focus on the law not addressing the negative aspects of the IoT which can cause data breaches.
The IoT has long suffered from blatant security risks. IoT manufacturers often don’t place any endpoint security on their IoT devices or place minimal security which is difficult to update or replace. Many devices come with default standard credentials shared among them that can be exploited to access any network the device connects. Whether the California IoT Cybersecurity Law disrupts this pattern of complacency remains to be seen, but it can be seen as an indication of changes to come.
You Need to Hire More Female Cybersecurity Professionals
In Focus: The Desperate Shortage of Women in Cyber Security
Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms (EPP): What’s Changed?
4 Tips For Endpoint Security Solutions (That Everyone Forgets)
Comparing the Top Endpoint Security Vendors — Solutions Review
Answering the Top 4 Enterprise Endpoint Security Questions
What Can We Expect for the Future of Endpoint Security?
Six Endpoint Security Vendors to Watch in 2018
The 25 Best Endpoint Security Platforms and Tools of 2018
- Endpoint Security Providers: Best of 2023 and Beyond - October 31, 2022
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021