Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

California: The First State With an Internet of Things Cybersecurity Law

December 17, 2018

A reporter I talked to last week about the Internet of Things reminded me of a story that I neglected to cover. As The Verge reported several months ago, California has become the first state with an Internet of Things Cybersecurity law.

Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features, designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

That is a major first step. There has been criticism that the law is too vague, because it doesn’t cover the whole range of authentication systems that “may or may not be called passwords,” which could still let manufacturers leave the kind of security holes that allowed the devastating Mirai botnet to spread in 2016.

Harvard University fellow Bruce Schneier, who is revered in the cybersecurity world, has said that it’s a good start. “It probably doesn’t go far enough — but that’s no reason not to pass it,” he told The Washington Post. While the rule is only state-wide, any device-makers who sell products in California would pass the benefits on to customers elsewhere.

Several Internet of Things-related bills have been introduced in Congress, but none have made it to a vote. Given the Congress we're stuck with, the failure to pass a sensible law doesn't surprise anyone. Clearly, federal legislation is needed, but kudos to California for beginning an important process.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

California: The First State With an Internet of Things Cybersecurity Law

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer