The Main Features of The California Bill SB-327 Targeting IoT Devices

By the year 2020, China’s spending on IoT manufacturing is estimated to rise to $127.5 billion. As China is the biggest producer of electronic goods, the country is expected to be well equipped to build IoT-integrated infrastructure and smart cities around the world. China’s government is a major driving force behind the country’s adoption of the Industrial IoT. China’s tectonic shift toward IoT adoption, innovation and R&D has seemingly happened overnight. Inspired by the successes of internet giants such as Tencent, Baidu and Alibaba, numerous IoT startups, together with large service and technology providers, have exhibited a new entrepreneurial zeal.

The IoT will increase productivity by combining AI, cloud computing and advanced analytics to automate manufacturing processes via internet connectivity. It will enable factories to monitor and interpret data from production lines and complex machinery in real time to anticipate faults, manage infrastructure and mitigate risk.

China’s IoT Products in the California Market-

Policymakers grew more concerned about vulnerabilities in IoT devices after the massive Mirai botnet attack in 2016 highlighted just how poorly secured many such devices are. In that incident, hackers exploited weaknesses in webcams and other connected devices and used them to launch cyberattacks that took down Netflix, Spotify and other major websites for hours. As China-made IoT products dominate the world market, they have evidently entered California as well, which prompted California Governor Jerry Brown to approve SB-327 last week, the first information security law in the U.S. specifically targeting IoT devices.

The Key Feature of the SB-327 Bill-

This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified. Crucially, there is no threshold number for product sales in California. Consequently, pretty much any manufacturer, anywhere, could be subject to SB-327. The bill would, among other things, ban default login credentials and require that devices urge customers to change their username and password upon first use.

It also vaguely mandates that such devices incorporate “reasonable security features” that are “appropriate to the nature and function of the device.” The bill includes provisions that attempt to address unintended consequences of enhanced security. It states, for instance, that devices can’t limit law enforcement agencies from obtaining the information they’re legally allowed to access, and that users still have a right to “full control” over a connected device.
