In today’s world, technology can be found nearly everywhere. As more advanced technology continues to pervade society, it is increasingly important to ensure proper steps are taken to keep people safe. In fact, recent efforts have been made to improve this. For example, a bill has been introduced that will set cybersecurity standards for all devices connected by the Web.
This is particularly important as the number of these products continues to increase rapidly. Additionally, innovative yet malevolent hackers find or develop new ways to take advantage of these weaknesses. This often results in a security breach, loss of productivity, and even financial manipulation, etc.
As with many policies, including ones regulating transparency and protecting privacy, once again California leads the way. The bill easily passed through the Senate. Once it is signed by democratic Governor Jerry Brown (if, and when it is), this will be the first state to pass laws that govern the security of the “Internet of Things.”
What Is the Internet of Things?
Coined in the 1990s, the phrase “Internet of Things” (IoT) refers to the system of connections of seemingly benign items in your home or office, or on your person that use the Internet. These do not include devices like computers or smartphones, which obviously use the Internet. Instead, it is the network of devices, appliances, vehicles, and other items that have actuators, connectors, electronics, sensors, and software installed.
Examples of IoT devices include the following:
- Baby monitors
- Driverless car or truck
- Fitness bands
- Lightbulb controlled by a Smartphone app
- Motion sensor
- Smart thermostat
- Some toys
- Small appliances
IoT creates opportunities for the appliance or device to connect and exchange data without human interaction. This makes their use very convenient, as it allows them to have more direct interaction with the physical world.
Unfortunately, this also leaves them vulnerable to the attack of malicious hackers.
Years ago, crowd-sourcing cybersecurity firm Bugcrowd’s founder Casey Ellis warned, “It’s important for [Internet of Things] vendors who haven’t prioritized security to take this escalating series of attacks as a wake-up call. We’re entering a period where there could be a very real, calculable, and painful impact upon having insecure products.” California lawmakers are finally taking note.
How Is California Leading the Way to Better Cybersecurity?
The new California bill will require manufacturers to install “a reasonable security feature or features” into all connected devices. It also specifies that these items have passwords that can be reprogrammed by the owner to improve security. Most products are not currently equipped with these safeguards.
What Are the Three Outstanding Complaints about the Bill?
There are several aspects of the bill that naysayers take issue with. The first complaint about the bill is that it may increase the cost of products and suppress innovation more than it actually helps. Any time new standards are required, this is the first issue to be mentioned. Although this usually increases the cost initially, it typically decreases over time.
The second potential problem is that it mandates the addition of security features rather than removing a product’s vulnerabilities. This is like putting a bandage on a wound rather than ensuring the wound does not occur at all. It would be better to remove weaknesses than to try to shore them up.
The third issue is that the ambiguous wording of the bill does little to cause real change. It is said that only the most basic automated threats would be prevented. Perhaps a better solution would be to provide clear standards. Manufacturers would be able to follow these standards, as well as verify that they have been met.
How Would New Federal Regulations Be Better?
The federal government is also considering new cybersecurity regulations regarding IoT. The Internet of Things Cybersecurity Improvement Act would require any company that does business with the federal government to improve their products’ security. They would need to have changeable passwords, be patchable, and be free of known vulnerabilities.
Securing the IoT Act would mandate that the Federal Communications Commission develop standards that wireless equipment would need to meet to become certified.
Although the need for federal standards received bipartisan support, neither of these regulations is gaining steam in Congress. If the bill in California passes, it may provide the incentive to discuss this more seriously on a federal level. Once again, the west coast will lead the way.
At this time, the wording for what constitutes “appropriate” security procedures is too ambiguous. For example, it does not address the various functions and nature of specific devices. Plus, there is no method for verifying whether the manufacturer took the necessary security precautions.
However, as tech-forward devices proliferate homes and businesses, it is increasingly important to improve their security. Ultimately, if manufacturers must adhere to California laws regarding cybersecurity, consumers throughout the country will benefit.