October 4, 2018

California Steps Up for IoT Device and Data Security

Concern over vulnerabilities in IoT products and services has become a top of mind issue with policymakers. From serious internet attacks such as the Mirai botnet cyberattack which took down major websites such as Netflix and Spotify, to privacy concerns over connected consumer devices, there is a strong push for government regulation.

California has stepped into the forefront of this issue by enacting Senate Bill 327 , the Internet of Things Cybersecurity bill which will become law on January 1, 2020. This new law, first of its kind in the US, requires manufacturers to equip connected devices with reasonable security features protecting both the device and its data. The law’s main focus is to utilize secure authentication to create trust in IoT devices and protect data privacy by preventing unauthorized access.

California’s IoT cybersecurity law is just the first wave. Inspired by the Mirai botnet attack, US Senators have introduced a bill, the Internet of Things Cybersecurity Improvement Act, which would require companies that do business with the federal government to ensure that their connected devices include patch and password management and are free of known security vulnerabilities. The hope is that this bill, when enacted into law, will force security into IoT at the federal level and from there filter down to private sectors, and on to consumers.

Veteran cybersecurity expert and cryptographer Bruce Schneier, who helped draft the IoT Cybersecurity Improvement Act, applauded the initiative, telling The Washington Post that it will “help everybody” even if “it probably doesn’t go far enough.”

Government regulations aside, according to National Institute of Standards and Technology (NIST), trust and privacy concerns may negatively impact the adoption of IoT products and services. NIST is currently in the midst of drafting a publication that will take a deep dive into the IoT trust concerns.

Clearly device trust and data protection are the cornerstones of secure IoT products and services. Device trust and data protection are now mandated by law in California and soon will be at the federal level. Is this good news for the IoT industry? I think so. Resolving device trust and data protection will most certainly accelerate the adoption of IoT products and services.

Device Authority’s KeyScaler platform, the Industry’s first Device Centric IAM addresses these issues. The KeyScalerplatform resolves IoT security concerns such as secure onboarding and provisioning of devices, secure updates, end-to-end data encryption, and facilitates best practices such as password and certificate management and credential rotation. Whether you’re working in federal government, healthcare, or Industrial IoT, find out how Device Authority can help companies meet compliance requirements and accelerate adoption of IoT products and services at www.deviceauthority.com

Need a quick and easy way to implement IoT security?

Learn more about our managed service: KeyScaler as a Service (KSaaS).

Device Authority