The News: As of January 1, 2020 both California and Oregon’s IoT cybersecurity laws (SB 327 and HB 2395 respectively) covering “smart” devices went into effect. These laws state that any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features. As IoT cybersecurity regulations begin on the local (state) level, federal regulation is looming. Depending on the IoT vendor’s point of view, regulatory change will either help or hinder innovation. Either way, such changes are already taking place and participants in IoT ecosystems should be prepared as it adds a layer of compliance into their operations. Firedome published a good overview on these new laws here if you’d like a deeper dive.
Analyst Take: IoT cybersecurity regulations are kicking in as we move into 2020. That’s significant for device, automotive and sensor manufacturers, network, software and platform providers—all players in the Internet of Things (IoT) ecosystem who anticipate industry growth into the tens of billions as we launch into the 2020s. With IoT comes the promise of connected homes and cars, as well as smart cities, smart health, and more. However, as the number of things connected to the internet grows exponentially, so do the risks of cyber-attacks. Due to these risks, regulators are now stepping in.
The main reasons for security breaches in IoT are due to vulnerabilities in hardware and software, like default admin passwords or less secure peer-to-peer (P2P) internet connections. A prime example is the disruptive Mirai botnet strain, which used hundreds of thousands of IoT devices (like DVRs and IP cameras) to launch widespread malware in October of 2016. Since then, there have been examples of very public and global IoT security breaches that occurred through devices such as smart watches, toys, and dated medical equipment in hospitals.
As a result, whether IoT vendors agree or not, IoT security legislation has either been passed or is currently in deliberation. How it impacts the IoT community and the technology that surrounds it is that it now means vigilance will be required in tracking new regulation to make sure that you and the partners in your ecosystem are compliant.
In addition to laws in California and Oregon, on the federal level in the U.S., the Internet of Things Cybersecurity Improvement Act is a bipartisan effort that is still in deliberation and differs from local legislation in that it requires recommendations from the National Institute of Standards and Technology. Meanwhile globally, the UK and Japan are tackling IoT cybersecurity through regulations of their own, with Japan being more proactive with full-launch investigations to find IoT security breaches.
Critics of current and proposed IoT security regulations claim it is too vague, creates more cost, and stymies innovation. Proponents say it is a starting point, will foster standards amongst the tech industry, and is better than having IoT ecosystems open to an attack at any time over any network or device. At this point, it’s inevitable—IoT cybersecurity regulations are gaining momentum and as it evolves, IoT players will have to stay vigilant in tracking new laws.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
IoT Cybersecurity Improvement Act Calls for Deployment Standards
Massive GDPR Fines Mean Investors, Board Members Rethink Cybersecurity
The Race for Data and the Cybersecurity Challenges This Creates
The original version of this article was first published on Futurum Research.
In this guest contribution from Steve Vonder Haar, Senior Analyst with Wainhouse, a Futurum Group…
In this guest contribution from Craig Durr, Senior Analyst with Wainhouse, a Futurum Group Company,…
Futurum's Daniel Newman dives into the recent announcement coming out of Micron, that they will…
Futurum analyst Michael Diamond recaps the Amazon Devices and Services event and reviews some of…
Futurum senior analyst Steven Dickens provides his take on the latest announcements coming out of…
Futurum’s Ron Westfall and Daniel Newman examine Micron’s financial results for the fourth quarter 2022…