California Governor Jerry Brown is the first governor to sign a bill to protect against the very prevalent cyber attacks on Internet of Things (IoT) devices. CNET tells:
The law mandates that any maker of an Internet-connected, or “smart,” device ensure the gadget has “reasonable” security features that “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”
Since this bill is the first of its kind, it is expected that many other states will begin to follow California’s example and implement some sort of protection against IoT attacks. Although the bill requires manufacturers to assign a password to each device, many of the stipulations are non-specific, like many cyber laws. It is hard to be specific in a case like this, as attacks could easily find a loophole not covered within the bill. With a vague bill, it in a way could deter an attacker who knows the law could be translated in a number of ways to point to what he or she might have been doing as illegal.
This need of security was demonstrated most by the WannaCry ransomware attacks that hit hospitals across the nation. Hospitals have been increasingly using devices connected to their networks to aid in caring for patients. The attacks locked up devices that were in use, potentially threatening the lives of patients. An attack like this is more alarming than many ransomware attacks, as it takes the attacker’s morals (or in this case, lack of morals) into account more than other attacks.
The lack of security on IoT devices has desperately needed to be addressed, as over 8.4 billion IoT devices are out in the world on networks with little to no security. The law goes into effect at the beginning of 2020. California’s status as the most populated state in the U.S. is part of the reason the bill was signed into effect and is also the hope for cyber security experts to be influential in persuading others to join in the fight against attacks.