The governor of California signed the first Internet of things (IoT) security law in the USA (SB-327). According to the law, the manufacturers of connected devices are responsible for equipping their devices ‘with reasonable security measures to protect them from unauthorized access, use, destruction, disclosure, or modification by hackers’. The bill explains that the installed security features should be ‘…appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure..’. The law, which is scheduled to go into effect in January 2020, does not specify means for enforcement, so it will be up to the California attorney general to decide on the matter.
The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'.
Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss.
Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.
Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.