California Calls for Stronger Security Measures For The Internet of Things (IoT)
Because of ongoing technological advances, manufacturers are connecting all kinds of consumer goods to the internet at fast speeds. This creates the Internet of Things (IoT) and experts are calling it a security nightmare. The IoT connects products with technology in ways to make day to day living much easier and tasks to be almost effortless.
Just like almost all innovation, risks are involved with the IoT. There are risks for having personal information accessed or the remote control of devices after they have been taken over. For any devices with a physical effect on the world, such as pacemakers, thermostats, and cars, there are serious risks that could involve the loss of property and the loss of life.
Hacks can be diverted with more advanced security features being built into these products. Why aren’t these security measures being developed? No financial incentives have been made available to companies to invest in the cybersecurity measures that are necessary to keep products secure on the IoT.
Another problem is that the consumer base will continue to buy these products without the additional security features without the knowledge of the lack of security and that their information is vulnerable to hackers. Current liability laws make it challenging to hold companies responsible for poor software security.
Where Does The Responsibility Lie?
While everyone is pointing fingers about the insecurity of the IoT, it might be time to determine who should step up to the plate and take responsibility for the protection of property, life, and data. It is the responsibility of the lawmakers to pass legislation that makes laws to create consumers.
The U.S. government has been absent from addressing consumer protection needs, but in California, the state has stepped up to start regulating all IoT devices that are sold in that state. Soon, those effects will be felt around the globe.
California passed SB 327, which will go into effect in 2020. The law requires that all connected devices have reasonable security features. Connected device is a broad term that is used in this sense to include just about anything internet connected.
What isn’t good news is that reasonable security is defined in a way that allows companies who don’t want to comply with the order can argue that there is no way to enforce the law. The legislation indicates that security features protect the information stored on the device as well as the device itself.