Need to Know: The California IoT Cybersecurity Law

Need to Know: The California IoT Cybersecurity Law

Last week, California Governor Jerry Brown signed into law SB-327. This will be first U.S. cybersecurity law covering the Internet of Things (IoT): a notoriously porous area of modern endpoint security perimeters.

The California IoT Cybersecurity Law will come into enforcement on January 1, 2020. Here are some of the key takeaways from this brand new law:

  • Manufacturers of connected devices like IoT must equip the device with reasonable security features appropriate to the nature and function of the device.
  • These IoT security features must be appropriate to the information the device collects, contains, or transmits.
  • The security features must protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.  
  • Preprogrammed passwords installed in IoT devices must be unique to each device manufactured.
  • If the device does not have a preprogrammed passwords, users must set their own password the first time they connect.

The California IoT Cybersecurity Law has been praised and criticized in equal measure. Those in favor praise the law as a much needed first step to better digital perimeter security. Criticisms tend to focus on the law not addressing the negative aspects of the IoT which can cause data breaches.

The IoT has long suffered from blatant security risks. IoT manufacturers often don’t place any endpoint security on their IoT devices or place minimal security which is difficult to update or replace. Many devices come with default standard credentials shared among them that can be exploited to access any network the device connects. Whether the California IoT Cybersecurity Law disrupts this pattern of complacency remains to be seen, but it can be seen as an indication of changes to come.

Other Resources: 

You Need to Hire More Female Cybersecurity Professionals

In Focus: The Desperate Shortage of Women in Cyber Security

Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms (EPP): What’s Changed?

4 Tips For Endpoint Security Solutions (That Everyone Forgets)

Comparing the Top Endpoint Security Vendors — Solutions Review

Answering the Top 4 Enterprise Endpoint Security Questions

What Can We Expect for the Future of Endpoint Security?

Six Endpoint Security Vendors to Watch in 2018

The 25 Best Endpoint Security Platforms and Tools of 2018

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me

Leave a Reply

Your email address will not be published. Required fields are marked *