The nation's first IoT security act was just signed into law in California. The law isn't just about the IoT, but billions of small connected devices will have to add critical features if they're sold in the state after Jan. 1, 2020.
SB-327 is broad legislation that applies, with some exceptions, to "…any device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address." Those devices will be required to have basic security capabilities installed — though precisely what those might be is not spelled out in the legislation.
Instead, the law requires steps that are "appropriate" to the device and the information it collects, protecting each from "…unauthorized access, destruction, use, modification, or disclosure." Specifically, if a device has provisions for unique authentication of device and/or users, it is considered to be in compliance with the law.
The exceptions to the requirement are those devices that fall under federal laws or regulations, including medical devices.
For more, read here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.