California has passed two laws that will improve security protections on IoT devices. The laws, known as SB–327 and AB–1906, require developers of these devices to implement security measures early in the design phase. These laws apply to all devices directly or indirectly connected to the internet and that have an IP address or Bluetooth address. Manufacturers must also build in sensible security features to connected devices and require connected devices come with unique passwords that users can later change.
According to Jonathan Fairtlough, Managing Director in Cyber Risk practice at Kroll, a division of Duff & Phelps, the principles advanced in the new legislation are likely to be adopted industrywide. "The size of the California market, the advanced nature of California regulations, the state’s focus on smart grid test technologies – those are all key factors,” he said. “I think the market will make this law, which although it’s really enforceable only in California as structured for infrastructure entities, it will really become the de facto standard.”
Read the full article on the Icons of Infrastructure website