California became the first state to enact a law covering cybersecurity related to ‘smart devices” SB 327(2018). Effective January 1, 2020 any manufacturer of a device that connects “ directly or indirectly” to the internet must equip the device with “reasonable” security features designed to prevent unauthorized access, modification, or information disclosure. If the device can be accessed outside a local area network with a password, it must come with a unique password for each device, or force users to set their own password the first time they connect. There can be no generic default credentials that might be discovered by a hacker. The law covers any device makers who sell products in California. As a result this California law will likely be followed by most IoT device manufacturers as they will not want to give up the California market. Oregon followed California’s lead and also passed a law to require manufacturers of internet “connected devices” that make, sell or offer to sell the devices in the state to equip the device with “reasonable security features” . According to the Oregon law, “[R]easonable security features” means methods to protect a connected device – and any information the connected device stores – from unauthorized access, destruction, use, modification or disclosure that are appropriate for the nature and function of the connected device and for the type of information the connected device may collect, store or transmit.
27
Made with FlippingBook - Online Brochure Maker